Техническая информация
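Процессы и командные строки (подзаголовки исходного отчёта в этом фрагменте не сохранились; первая запись — удаление файла через командный интерпретатор):
- '<SYSTEM32>\cmd.exe' /c del "<Полный путь к файлу>"
- '<SYSTEM32>\dllhost.exe'
- '<SYSTEM32>\ctfmon.exe'
Те же системные процессы перечислены повторно, уже без кавычек — по-видимому, в отдельном разделе отчёта, заголовок которого утрачен:
- <SYSTEM32>\dllhost.exe
- <SYSTEM32>\ctfmon.exe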
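Окна (имя класса и заголовок). PROCMON_WINDOW_CLASS — класс окна Process Monitor, SmartSniff — сетевой анализатор; такие записи в отчётах обычно означают проверку на наличие запущенных средств анализа:
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- ClassName: 'SmartSniff', WindowName: 'SmartSniff'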
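Файлы. Имя первого оформлено по образцу системных библиотек api-ms-win-core-*; второй лежит в каталоге кэша Internet Explorer (Content.IE5), и его имя совпадает с последним сегментом одного из приведённых ниже URL:
- <SYSTEM32>\api-ms-win-core-memory-l2-1-226.dll
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\NfMJVnEramUz[1]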
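Сетевая активность. Символы # в именах узлов — по-видимому, маска из исходного отчёта, поэтому для поиска по журналам подходят шаблоны, а не точное совпадение. Порт 80 и схема http:// означают, что обмен идёт без шифрования и виден на прокси и в сетевых журналах.
Соединения (узел:порт):
- 'po####.sicent.net':80
- 'm.###ud.189.cn':80
HTTP-запросы (URL):
- http://po####.sicent.net/indeX07.dat
- http://m.###ud.189.cn/t/NfMJVnEramUz
DNS-запросы:
- DNS ASK po####.sicent.net
- DNS ASK m.###ud.189.cn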