Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\$GMH] 'Start' = '00000002'
- <SYSTEM32>\svchost.exe -k netsvcs
- <SYSTEM32>\ServerGMH.dll
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2LM5OP\10000[1].txt
- %TEMP%\Server.dll
- <SYSTEM32>\ServerGMH.ini
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2LM5OP\10000[1].txt
- '<IP-адрес в локальной сети>':0
- 'gm###.vip5944.com':80
- 'ko#####gjin.3322.org':800
- gm###.vip5944.com/RegUser/10000.txt
- DNS ASK gm###.vip5944.com
- DNS ASK ko#####gjin.3322.org
- '<IP-адрес в локальной сети>':1034
- ClassName: 'Afx:400000:0' WindowName: ''