Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\6to4] 'Start' = '00000002'
- <SYSTEM32>\cmd.exe /c "%TEMP%\4.tmp.bat"
- <SYSTEM32>\svchost.exe -k netsvcs
- %HOMEPATH%\RCX3.tmp
- %TEMP%\4.tmp.bat
- %TEMP%\1.tmp
- %TEMP%\RCX2.tmp
- %HOMEPATH%\6to4dll.dll
- %TEMP%\1.tmp
- 'ac######rv.blog-pixnet.com':443
- 'bl##.#luestartw.com':443
- DNS ASK ac######rv.blog-pixnet.com
- DNS ASK bl##.#luestartw.com