Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\webClients] 'Start' = '00000002'
- '<SYSTEM32>\svchost.exe' -k netsvcs
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\p[1].jpg
- %ALLUSERSPROFILE%\Application Data\NUL.UHDATAX.IMG
- <SYSTEM32>\config\SysEvent.Evt
- <SYSTEM32>\config\SecEvent.Evt
- <SYSTEM32>\config\AppEvent.Evt
- 'm.####nao123.com':80
- m.####nao123.com/p.jpg
- DNS ASK m.####nao123.com