Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'qivService' = '<SYSTEM32>\rundll32.exe "<LS_APPDATA>\MicroSoft UpdateServices\Services.dll" install'
- <LS_APPDATA>\MicroSoft UpdateServices\Services.dll
- <LS_APPDATA>\MicroSoft UpdateServices\ID56SD.tmp
- <LS_APPDATA>\MicroSoft UpdateServices\stass
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\CWVFBPXAST-down[1]
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\down[1]
- 'ma##.apm.co.kr':80
- http://ma##.apm.co.kr/./pds/data/CWVFBPXAST-down
- http://ma##.apm.co.kr/./pds/down
- http://ma##.apm.co.kr/./pds/data/upload.php
- DNS ASK ma##.apm.co.kr
- '<SYSTEM32>\rundll32.exe' "<LS_APPDATA>\MicroSoft UpdateServices\Services.dll" install