Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\wstimesvc] 'Start' = '00000002'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\ud.bat
- '<SYSTEM32>\svchost.exe' -k netsvcs
- %WINDIR%\Temp\029666E0.TMP
- %TEMP%\ud.bat
- <SYSTEM32>\wstimesvc.dll
- 'www.mi##.co.kr':80
- www.mi##.co.kr/xe/addons/mobile/mobile.layout.php
- DNS ASK www.mi##.co.kr