Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'Microsoft File Manager' = 'winblock.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft File Manager' = 'winblock.exe'
- '<SYSTEM32>\winblock.exe' 284 "<Полный путь к вирусу>"
- <SYSTEM32>\winblock.exe
- <SYSTEM32>\winblock.exe
- 'www.xj##ar.info':51987
- DNS ASK www.xj##ar.info