Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Janis Petke' = '%APPDATA%\temp\Asvchost.exe'
- %APPDATA%\temp\Asvchost.exe
- %TEMP%\Dropper.exe
- %APPDATA%\temp\Asvchost.exe
- %APPDATA%\temp\Set.bin
- %TEMP%\Dropper.exe
- %TEMP%\calc.exe
- %APPDATA%\temp\Set.bin
- 'be####bo.site11.com':80
- be####bo.site11.com/Webpanel/ip.php
- be####bo.site11.com/Webpanel/connect.php
- DNS ASK be####bo.site11.com