Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\AppMgmt] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\744D09E6] 'Start' = '00000002'
- <SYSTEM32>\appmgmts.dll
- <SYSTEM32>\cmd.exe /c ""%TEMP%\655f74a8.bat" "
- %TEMP%\655f74a8.bat
- <SYSTEM32>\744D09E6.sys
- %TEMP%\stinst.log
- 'www.xi###ijia.com':2011
- 'www.81###966.com':2011
- DNS ASK www.xi###ijia.com
- DNS ASK www.81###966.com