Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\ufad-dns60] 'Start' = '00000002'
- <SYSTEM32>\svchost.exe -k ufad-dns60
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\Admin_Post[1].htm
- C:\ygAMtxhAJqE.dll
- <SYSTEM32>\vaBCYnwkwbKS.dll
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\Admin_Post[1].htm
- C:\ygAMtxhAJqE.dll в <SYSTEM32>\vaBCYnwkwbKS.dll
- '49###.vicp.cc':8080
- 'to##.#mtongji.cn':80
- to##.#mtongji.cn/Admin_Post.Asp
- DNS ASK 49###.vicp.cc
- DNS ASK to##.#mtongji.cn