Техническая информация
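- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '360' = '<SYSTEM32>\360 /Self' (запись автозапуска: файл <SYSTEM32>\360, не имеющий расширения, запускается с параметром /Self при каждом входе пользователя в систему)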
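- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"' (запись с именем wextract_cleanup0 штатно создаётся самораспаковывающимися пакетами IExpress для удаления временного каталога IXP000.TMP; сама по себе она не является признаком заражения и значима только в сочетании с остальными индикаторами)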
- %TEMP%\IXP000.TMP\4516.exe
- <SYSTEM32>\notepad.exe
- <SYSTEM32>\360
- %TEMP%\IXP000.TMP\4516.exe
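- 'yy#####10qaz.gicp.net':4516 (часть имени узла замаскирована символами #, поэтому строка не годится для точного сопоставления; для обнаружения надёжнее опираться на сочетание домена второго уровня gicp.net и порта 4516)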
- DNS ASK yy#####10qaz.gicp.net
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Notepad' WindowName: ''