Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'Load' = '<SYSTEM32>\LoAcc.lnk'
- <SYSTEM32>\rundll32.exe
- <SYSTEM32>\rundll32.exe
- <SYSTEM32>\LoAcc.exe
- <SYSTEM32>\LoAcc.lnk
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ip.chinaz[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\city[1].asp
- 'if####.ip138.com':80
- 'ip.##inaz.com':80
- 'localhost':1035
- if####.ip138.com/city.asp
- ip.##inaz.com/
- DNS ASK if####.ip138.com
- DNS ASK ip.##inaz.com