Техническая информация
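- Автозапуск (закрепление в системе) через ключ реестра, из которого Проводник Windows загружает компоненты: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] '{08249a50-7a1c-439d-8258-5b789191f7f2}' = 'holocrystalline'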
- Запуск библиотеки через rundll32 (экспортируемая функция «windows»): <SYSTEM32>\rundll32.exe <SYSTEM32>\bbtqwm.dll,windows
- %TEMP%\rb2.tmp
- %TEMP%\br1.exe
- <SYSTEM32>\bbtqwm.dll
- %TEMP%\br1.exe
- Сетевое соединение, порт 80: 'is#####tiviruspro.com':80
- Сетевое соединение, порт 80: 'cr###genom.com':80
- Запрашиваемый URL: is#####tiviruspro.com/sync.php
- Запрашиваемый URL: cr###genom.com/get_cg.php?pa##########
- DNS-запрос: is#####tiviruspro.com
- DNS-запрос: cr###genom.com
- Окно, к которому обращается программа (класс Shell_TrayWnd — панель задач Windows): ClassName: 'Shell_TrayWnd' WindowName: ''