Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Mnopqr Tuvwxyab Def] 'Start' = '00000002'
- '%WINDIR%\ggiogq.exe'
- '<SYSTEM32>\wscript.exe' "C:\4286.vbs"
- C:\4286.vbs
- %WINDIR%\ggiogq.exe
- C:\4286.vbs
- '<IP-адрес в локальной сети>':8086
- 'ip.#a2.cn':80
- http:///ip/127.0.0.1 via ip.#a2.cn
- DNS ASK ip.#a2.cn