Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\GoogleService.exe'
- '%WINDIR%\GoogleService.exe'
- %WINDIR%\Explorer.EXE
- %TEMP%\159765_res.tmp
- C:\MyTemp
- %WINDIR%\GoogleService.exe
- <SYSTEM32>\msoffice_ex.dll
- C:\MyTemp
- %TEMP%\159765_res.tmp в <SYSTEM32>\msoffice_ex.dll
- 'Bl###.Asis0day.Biz':8888
- DNS ASK Bl###.Asis0day.Biz