Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '54rk' = ''
- <SYSTEM32>\loadfalse.exe loadfalse
- %WINDIR%\rindll.exe
- %WINDIR%\dllhest.exe
- <SYSTEM32>\cmd.exe /c updataself.bat
- dnf.exe
- %WINDIR%\rindll.exe
- <Текущая директория>\updataself.bat
- %WINDIR%\dllhest.exe
- %WINDIR%\getconfig.info
- <SYSTEM32>\loadfalse.exe
- %WINDIR%\rindll.exe
- %WINDIR%\dllhest.exe
- 'ks#####wbdf.webok.net':1314
- '12#.#0.105.114':85
- 'localhost':1035
- 'localhost':1037
- DNS ASK ks#####wbdf.webok.net