Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\RpcsSvces] 'Start' = '00000002' (значение 'Start' = 2 означает автоматический запуск службы при загрузке системы)
- <SYSTEM32>\svchost.exe -k RpcsSvces
- <SYSTEM32>\ctfmon.exe
- %CommonProgramFiles%\Microsoft Shared\MSInfo\g3h0bWaFU8.del
- %CommonProgramFiles%\Microsoft Shared\MSInfo\mcVUTCyw.dll
- %CommonProgramFiles%\Microsoft Shared\MSInfo\g3h0bWaFU8.ini
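- %CommonProgramFiles%\Microsoft Shared\MSInfo\g3h0bWaFU8.del (тот же путь, что и в первой строке списка файлов; заголовки разделов в тексте не сохранились — вероятно, здесь файл указан как удаляемый после создания)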
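- 'www.zi#i.cc':80 (символ '#' в имени домена здесь и в строках ниже, по-видимому, заменяет скрытый источником символ; полное имя домена на странице не приведено)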
- www.zi#i.cc/srat/sratip.txt
- DNS ASK www.zi#i.cc
- '<IP-адрес в локальной сети>':1037