Техническая информация
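- Автозапуск через пакет уведомлений Winlogon (раздел Winlogon\Notify; механизм поддерживается в Windows 2000/XP/2003 и отсутствует в Vista и новее). Имя подраздела crypt32 совпадает с именем системной библиотеки, поэтому запись легко принять за штатную:
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32] 'Startup' = 'ServiceMain'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32] 'DllName' = '' (значение на странице пустое: путь к загружаемой DLL здесь не указан)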
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\winlogon.exe
- <SYSTEM32>\wups3.dll
- <SYSTEM32>\wups3.dll
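- Сетевая активность. Символы «#» в именах узлов ниже — по-видимому, маска, которой скрыта часть имени: это не буквальные домены, и в таком виде их нельзя использовать в блок-листах или правилах обнаружения.
- 'ge#.#avow.cn':80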
- 'xp.#avow.cn':80
- 'xp.##8vow.cn':80
- 'nb###.eicp.net':80
- 'ge#.#68vow.cn':80
- ge#.#avow.cn/x.asp
- xp.#avow.cn/x.asp
- xp.##8vow.cn/x.asp
- nb###.eicp.net/x.asp
- ge#.#68vow.cn/x.asp
- DNS ASK ge#.#avow.cn
- DNS ASK xp.#avow.cn
- DNS ASK xp.##8vow.cn
- DNS ASK nb###.eicp.net
- DNS ASK ge#.#68vow.cn