Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\kexserv] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\kxesrev] 'Start' = '00000002'
- '%WINDIR%\kexserv.exe'
- '<SYSTEM32>\kxesrev.exe'
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\shanchu.bat
- '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE' http://www.cq###.com:802/003/add.asp?u=########
- <SYSTEM32>\shanchu.bat
- %WINDIR%\kexserv.exe
- <SYSTEM32>\kxesrev.exe
- '12#.#2.175.14':8115
- 'a.##455.com':801
- 'localhost':8389
- DNS ASK a.##455.com