Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Hqcqjb Avngrnyp] 'ImagePath' = '<SYSTEM32>\svchost.exe -k imgsvc'
- [<HKLM>\SYSTEM\ControlSet001\Services\Hqcqjb Avngrnyp] 'Start' = '00000002'
- '<SYSTEM32>\svchost.exe' -k imgsvc
- %ProgramFiles%\Witb\Hkkituysl.jpg
- C:\NetTemp.ini
- C:\NetTemp.ini
- C:\NetTemp.ini
- 'ma####.codns.com':3466
- DNS ASK ma####.codns.com