Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\MNetcService] 'Start' = '00000002' (значение Start = 2 соответствует автоматическому запуску службы при загрузке системы)
- %WINDIR%\Server.exe
- %CommonProgramFiles%\2ED8F20C.exe
- %CommonProgramFiles%\384F0C04.exe
- <SYSTEM32>\ping.exe 127.0.0.1
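- <SYSTEM32>\cmd.exe /c ""%CommonProgramFiles%\DeleteBat.bat" %CommonProgramFiles%\2ED8F20C.exe" (пакетному файлу DeleteBat.bat в качестве аргумента передаётся путь к 2ED8F20C.exe; судя по имени, файл предназначен для удаления — содержимое DeleteBat.bat на странице не приведено)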
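- ClassName: 'Filemonclass' WindowName: '' (класс окна утилиты Filemon из набора Sysinternals)
- ClassName: 'Regmonclass' WindowName: '' (класс окна утилиты Regmon из набора Sysinternals; поиск таких окон обычно используется для обнаружения средств мониторинга)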
- %WINDIR%\Server.dll
- %CommonProgramFiles%\DeleteBat.bat
- %WINDIR%\Server.exe
- %CommonProgramFiles%\2ED8F20C.exe
- %CommonProgramFiles%\384F0C04.exe
- %CommonProgramFiles%\2ED8F20C.exe
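- 'dz####45293.vicp.cc':86 (имя узла и порт; символы «#» здесь и в строках ниже, по-видимому, скрывают часть имени узла в исходном отчёте)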
- 'bl##.#ina.com.cn':80
- bl##.#ina.com.cn/s/blog_73fb5dee01019n8m.html
- DNS ASK dz####45293.vicp.cc
- DNS ASK bl##.#ina.com.cn
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '18467-41' WindowName: ''
- ClassName: '4823-00000029' WindowName: ''