Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\msdlywdws] 'Start' = '00000002'
- %PROGRAM_FILES%\Windows NT\Accessories\nt\lsass.exe
- <SYSTEM32>\cmd.exe /c %TEMP%\nfnegd.bat
- <SYSTEM32>\lsass.exe
- <SYSTEM32>\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6YQRA29M\checkip[1]
- %TEMP%\nfnegd.bat
- %PROGRAM_FILES%\Windows NT\Accessories\nt\lsass.exe
- 'www.ch##kip.org':80
- www.ch##kip.org/
- DNS ASK www.ch##kip.org