Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Wszonh ntxiieas] 'Start' = '00000002' (значение Start = 2 соответствует автоматическому запуску службы при загрузке системы)
- '%WINDIR%\Ubkbmdn.exe'
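- '%WINDIR%\CFСЕАјЦЖЧчРЎВн.exe' (имя, по-видимому, записано в кодировке GBK и показано здесь как Windows-1251; вероятное исходное имя — «CF雅兰制作小马.exe», при поиске на диске стоит проверять оба варианта)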
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
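- ClassName: 'Filemonclass' WindowName: '' (класс окна утилиты Filemon из набора Sysinternals)
- ClassName: 'Regmonclass' WindowName: '' (класс окна утилиты Regmon из набора Sysinternals; поиск таких окон обычно означает проверку на наличие средств анализа)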
- %WINDIR%\Ubkbmdn.exe
- %WINDIR%\CFСЕАјЦЖЧчРЎВн.exe
- %WINDIR%\CFСЕАјЦЖЧчРЎВн.exe
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
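- <DRIVERS>\etc\hosts (файл hosts влияет на разрешение имён; характер обращения к нему на странице не указан — содержимое файла стоит сверить с эталонным)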
- '<IP-адрес в локальной сети>':2014
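- '12#.#25.114.144':80 (символы «#» здесь и ниже, по-видимому, скрывают часть значения; адрес приведён не полностью и для точного сопоставления не годится)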
- 12#.#25.114.144/cfpanguan/item/f76a570c02616ff91ff046a5?qq###############
- DNS ASK hi.##idu.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '18467-41' WindowName: ''
- ClassName: '4823-00000029' WindowName: ''