Technical information
- [<HKLM>\System\CurrentControlSet\Services\.Net CLR] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\.Net CLR] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\.Net CLR\Parameters] 'ServiceDll' = 'C:\ProgramData\Microsoft\Windows\GameExplorer\Remote.hlp'
- C:\programdata\microsoft\windows\gameexplorer\remote.hlp
- <SYSTEM32>\delete00.bat
- 'localhost':1314
- '<LOCALNET>.64.19':14049
- '<LOCALNET>.64.19':5805
- DNS ASK 6s.##t579.com
- DNS ASK ji##i.ink
- DNS ASK fu####.f3322.net
- ClassName: '5B3838F5-0C81-46D9-A4C0-6EA28CA3E942' WindowName: ''
- '<SYSTEM32>\net.exe' start .Net CLR' (with a hidden window)
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\\Delete00.bat' (with a hidden window)
- '<SYSTEM32>\svchost.exe' -k netsvcs
- '<SYSTEM32>\net.exe' start .Net CLR
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\\Delete00.bat
- '<SYSTEM32>\net1.exe' start .Net CLR
- '<SYSTEM32>\ping.exe' 127.0.0.1
- '<SYSTEM32>\rundll32.exe' C:\ProgramData\Microsoft\Windows\GameExplorer\Remote.hlp,init default |3756