Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Mnopqr Tuvwxyab Def] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Opqrst Vwxyabcd Fgh] 'Start' = '00000002'
- 'C:\Mirclien.exe'
- '<SYSTEM32>\eeosec.exe'
- 'C:\Mirclient.exe'
- '<SYSTEM32>\rebfec.exe'
- C:\Mirclien.exe
- <SYSTEM32>\eeosec.exe
- C:\Mirclient.exe
- <SYSTEM32>\rebfec.exe
- C:\Mirclien.exe в %TEMP%\SOFTWARE.LOG
- C:\Mirclient.exe в %TEMP%\SOFTWARE.LOG
- 'be######huanqi.meibu.com':2568
- 'be######huanqi.meibu.com':19730
- '19#.#27.245.114':11100
- DNS ASK be######huanqi.meibu.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'