Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '770accff2b' = '%APPDATA%\770accff2b\f2b92.exe'
- Компонент восстановления системы (SR)
- '<SYSTEM32>\svchost.exe' netsvcs
- '%WINDIR%\explorer.exe'
- <SYSTEM32>\svchost.exe
- %WINDIR%\explorer.exe
- %APPDATA%\770accff2b\f2b92.exe
- 'no#e.pl':80
- 'ko######se-erstberatung.de':80
- 'ri###lstone.kz':80
- 'gm##015.tk':80
- 'ef#####tanesi.com.tr':80
- http://no#e.pl/C4uRnf.php?v=##############
- http://ko######se-erstberatung.de/OLvfWS.php?w=##############
- http://ri###lstone.kz/9PAI_h.php?m=##############
- http://gm##015.tk/kidr5Q.php?l=##############
- http://ef#####tanesi.com.tr/Miwa0O.php?w=##############
- DNS ASK no#e.pl
- DNS ASK ko######se-erstberatung.de
- DNS ASK ri###lstone.kz
- DNS ASK gm##015.tk
- DNS ASK ef#####tanesi.com.tr