Техническая информация
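- [<HKLM>\SYSTEM\ControlSet001\Services\Ktraiy Pmgpulfo Dsv] 'Start' = '00000002' (значение 2 — автоматический запуск службы при старте системы, то есть закрепление в автозагрузке)
- [<HKLM>\SYSTEM\ControlSet001\Services\Ktraiy Pmgpulfo Dsv] 'ImagePath' = '<SYSTEM32>\svchost.exe -k imgsvc' (служба выполняется внутри процесса svchost.exe в группе imgsvc; путь к самой библиотеке службы в отчёте не приведён — у служб, размещаемых в svchost.exe, он обычно задаётся в параметре Parameters\ServiceDll, его стоит проверить отдельно)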
- C:\Net-Temp.ini
- %ProgramFiles%\Oons\Nmfvuopkq.pic
- C:\Net-Temp.ini
- C:\Net-Temp.ini
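- '15####t2q2.iask.in':22424 (исходящее соединение: хост и порт; символы «#», по-видимому, скрывают часть имени в отчёте, поэтому для поиска по журналам оно годится только как шаблон, а не как точный индикатор)
- DNS ASK 15####t2q2.iask.in (DNS-запрос на разрешение того же имени)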
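- '<SYSTEM32>\rundll32.exe' "%ProgramFiles%\Oons\Nmfvuopkq.pic" XiaoDeBu (rundll32.exe загружает файл Nmfvuopkq.pic как библиотеку и вызывает её экспортируемую функцию XiaoDeBu; судя по всему, это DLL под расширением .pic — запуск rundll32.exe с файлом, расширение которого отлично от .dll, является полезным признаком для обнаружения)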