Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SafeBox] 'Start' = '00000002'
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\KMe.bat
- '<SYSTEM32>\svchost.exe' -k netservice
- <SYSTEM32>\KMe.bat
- <SYSTEM32>\System64.dll
- <SYSTEM32>\System64.dat
- 'zh###c.gicp.net':10080
- DNS ASK zh###c.gicp.net
- ClassName: 'Afx:400000:0' WindowName: '(null)'