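Техническая информация
Ниже перечислены артефакты: ключ реестра службы, командные строки процессов, пути к файлам, сетевые адреса с портами, HTTP-запросы, DNS-запрос и классы окон. Символы # в именах узлов, IP-адресах и параметрах запросов, по-видимому, заменяют скрытую часть значения, поэтому такие записи пригодны для сопоставления только по шаблону, а не как точные индикаторы.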
- [<HKLM>\SYSTEM\ControlSet001\Services\WindowsUserManagement] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- <SYSTEM32>\attrib.exe \wumsvc.dll -s -h (ключи -s и -h снимают с файла атрибуты «системный» и «скрытый»)
- <SYSTEM32>\svchost.exe -k nets
- <SYSTEM32>\wumsvc.dll
- %TEMP%\МЁНе…ўЕcAPECёчґОј‰Х“‰Їґ°їЪ†ОО».doc
- %TEMP%\iexplore.exe
- 'st####.blogdns.com':8080
- '21#.#54.9.219':8080
- '61.##.211.158':8080
- 'st####.blogdns.com':81
- '21#.#54.9.219':81
- '61.##.211.158':81
- 'st####.blogdns.com':80
- '21#.#54.9.219':80
- '61.##.211.158':80
- 'st####.blogdns.com':8800
- '21#.#54.9.219':8800
- '61.##.211.158':8800
- st####.blogdns.com/index.asp?se########################################################################
- 21#.#54.9.219/index.asp?se########################################################################
- 61.##.211.158/index.asp?se########################################################################
- DNS ASK st####.blogdns.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WordPadClass' WindowName: ''