Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Wmi] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- <SYSTEM32>\cmd.exe /c "%TEMP%\4.tmp.bat"
- <SYSTEM32>\svchost.exe -k netsvcs
- %HOMEPATH%\RCX3.tmp
- %TEMP%\4.tmp.bat
- %TEMP%\1.tmp
- %TEMP%\RCX2.tmp
- %HOMEPATH%\g23h5.dll
- %TEMP%\1.tmp
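- 'up####.tech-tw.com':80
- 'we#####.bluestartw.com':80 (символы «#» в именах узлов, по-видимому, скрывают часть имени; полные имена на странице не приведены)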
- DNS ASK up####.tech-tw.com
- DNS ASK we#####.bluestartw.com