Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\msafeguard] 'Start' = '00000002'
- %APPDATA%\msafeguard.exe
- <SYSTEM32>\cmd.exe /c """%TEMP%\_check32.bat"" "
- %TEMP%\_check32.bat
- %WINDIR%\Temp\local_x86.log
- %TEMP%\~1.tmp
- %APPDATA%\msafeguard.exe
- '94.##0.17.182':80
- '66.##.70.131':80
- 'www.we#.de':80
- 'ns.#k2.net':53
- '67.##5.160.76':80
- 66.##.70.131/forumPost.asp
- 94.##0.17.182/forumPost.asp
- DNS ASK www.we#.de
- DNS ASK www.ya##o.com
- DNS ASK ns.#k2.net