Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\wnpsvc] 'Start' = '00000002'
- <SYSTEM32>\wnpsvc.exe
- <SYSTEM32>\net1.exe start wnpsvc
- <SYSTEM32>\wnpsvc.exe
- 'hi.##idu.com':80
- hi.##idu.com/wnpsvc/blog/item/79b23a594ec80d88800a18d7.html
- DNS ASK hi.##idu.com