Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{C21FBA33-9840-78BD-A44C-E5DD7A354C09}] 'StubPath' = '<SYSTEM32>:msomsysdems.exe'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>:msomsysdems.exe
- 'no####.qipian.org':443
- 'xy####8754.2288.org':443
- DNS ASK no####.qipian.org
- DNS ASK xy####8754.2288.org