Technical information
- [<HKLM>\System\CurrentControlSet\Services\.Net CLR] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\.Net CLR] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\.Net CLR\Parameters] 'ServiceDll' = 'C:\ProgramData\Microsoft\Windows\GameExplorer\Remote.hlp'
- ClassName: 'TXGuiFoundation', WindowName: 'µçÄԹܼÒ - ÍøÂçÁ÷Á¿¹ÜÀГ'
- C:\programdata\microsoft\windows\gameexplorer\remote.hlp
- <SYSTEM32>\delete00.bat
- C:\programdata\microsoft\windows\gameexplorer\remote.hlp
- '<LOCALNET>.58.13':5200
- '<LOCALNET>.58.13':5805
- DNS ASK 1d#####850.iok.la:31016
- DNS ASK ji##i.ink
- DNS ASK fu####.f3322.net
- ClassName: 'Q360NetFosClass' WindowName: '360Á÷Á¿·À»ðǽ'
- '<SYSTEM32>\sc.exe' failure .Net CLR reset= 86400 actions= restart/1000' (with hidden window)
- '<SYSTEM32>\net.exe' start .Net CLR' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\\Delete00.bat' (with hidden window)
- '<SYSTEM32>\sc.exe' failure .Net CLR reset= 86400 actions= restart/1000
- '<SYSTEM32>\svchost.exe' -k netsvcs
- '<SYSTEM32>\net.exe' start .Net CLR
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\\Delete00.bat
- '<SYSTEM32>\ping.exe' 127.0.0.1
- '<SYSTEM32>\net1.exe' start .Net CLR