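Техническая информация
Ниже перечислены записи реестра, созданный во временном каталоге файл, сетевые обращения (соединения на порт 80, HTTP-запросы, DNS-запросы) и команды запуска процессов. Значение 'Start' = '00000002' означает автоматический запуск службы и согласуется с командами sc.exe config ... start= AUTO ниже; для SstpSvc соответствующая запись реестра в списке не приведена. Символы '#' в именах узлов, по-видимому, заменяют символы, скрытые при публикации.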
- [<HKLM>\SYSTEM\ControlSet001\Services\TapiSrv] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Eventlog] 'Start' = '00000002'
- %TEMP%\jcwbxz.bat
- 'li##.#qjinpai.com':80
- 'li###.qqjinpai.com':80
- http://li##.#qjinpai.com/vip/mxd2/mxd2banben.txt
- http://li###.qqjinpai.com/vip/mxd2/mxd2banben.txt
- DNS ASK li##.#qjinpai.com
- DNS ASK li###.qqjinpai.com
- '<SYSTEM32>\cmd.exe' /c %TEMP%\jcwbxz.bat
- '<SYSTEM32>\sc.exe' config TapiSrv start= AUTO
- '<SYSTEM32>\sc.exe' start TapiSrv
- '<SYSTEM32>\sc.exe' config eventlog start= AUTO
- '<SYSTEM32>\sc.exe' start eventlog
- '<SYSTEM32>\sc.exe' config SstpSvc start= AUTO
- '<SYSTEM32>\sc.exe' start SstpSvc