Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Net CLR] 'Start' = '00000002'
- '%WINDIR%\atiecli.exe'
- '<SYSTEM32>\cmd.exe' /c afc9fe2f418b00a0.bat
- <Текущая директория>\afc9fe2f418b00a0.bat
- %WINDIR%\atiecli.exe
- 'www.ai###gji.com':8897
- 'localhost':2014
- 'ko####0.f3322.org':2014
- DNS ASK www.ai###gji.com
- DNS ASK bu#.##gongji.com
- DNS ASK ko####0.f3322.org