Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Mcrosoft70M] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
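- [<HKLM>\SYSTEM\ControlSet001\Services\Mcrosoft70M] 'ImagePath' = '%ProgramFiles%\Internet Explorer\iexpore.exe' (написания «Mcrosoft70M» и «iexpore.exe» приведены как есть и не являются опечатками; имя файла, по всей видимости, имитирует легитимный IEXPLORE.EXE из того же каталога, поэтому при проверке сравнивайте имена посимвольно)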
- [<HKLM>\SYSTEM\ControlSet001\Services\P360] 'ImagePath' = '<DRIVERS>\p360.sys'
- %ProgramFiles%\Internet Explorer\iexpore.exe
- <Текущая директория>\pXXX.exe
- <DRIVERS>\p360.sys
- <Текущая директория>\pXXX.exe
- 'localhost':1038
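- 'ho##.#raffiti.net':80 (символы «#» здесь и в строках ниже, по-видимому, заменяют скрытую источником часть имени домена; в таком виде строка не годится для точного сопоставления в журналах DNS и прокси)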
- http://ho##.#raffiti.net/zhonghua/70Set.txt
- DNS ASK ho##.#raffiti.net
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- '<Полный путь к файлу>'
- '%ProgramFiles%\Internet Explorer\iexpore.exe'
- '<Текущая директория>\pXXX.exe'
- '<SYSTEM32>\sc.exe' create Mcrosoft70M BinPath= "%ProgramFiles%\Internet Explorer\iexpore.exe" start= auto
- '<SYSTEM32>\net.exe' start Mcrosoft70M
- '<SYSTEM32>\net1.exe' start Mcrosoft70M
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE'