Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\MSware] 'Start' = '00000002'
- %TEMP%\DeepFreezePasswordRemover.exe SYSTEM
- %TEMP%\DeepFreezePasswordRemover.exe
- %TEMP%\ip2.exe
- <SYSTEM32>\svchost.exe -KMSware
- <SYSTEM32>\mbmide.dll
- %WINDIR%\Temp\2972.exe
- <SYSTEM32>\00004b6ca.001
- %TEMP%\ip2.exe
- %TEMP%\DeepFreezePasswordRemover.exe
- %TEMP%\ip2.exe
- 'lo###etvip.cn':80
- lo###etvip.cn/images/ip2.txt
- DNS ASK lo###etvip.cn