Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\Alerter Computer Message] 'Start' = '00000002'
- %PROGRAM_FILES%\Microsoft Players\svchost.exe
- <SYSTEM32>\net1.exe stop sharedaccess
- <SYSTEM32>\net.exe stop sharedaccess
- %PROGRAM_FILES%\Microsoft Players\svchost.exe
- C:\TempChong
- C:\TempChong
- 'du###2.3322.org':802
- DNS ASK du###2.3322.org