Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\usbctl] 'Start' = '00000002'
- '<SYSTEM32>\usbctl.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\~F1783AC124DE123.bat" "
- [<HKCU>\SOFTWARE\Far2\Plugins\FTP\Hosts]
- %TEMP%\~F1783AC124DE123.bat
- %ALLUSERSPROFILE%\Application Data\AF149238CEF2A859E9A
- %ALLUSERSPROFILE%\Application Data\4719AF82BBCD1946FFE
- <SYSTEM32>\usbctl.exe
- %ALLUSERSPROFILE%\Application Data\4719AF82BBCD1946FFE
- '21#.#17.162.51':80
- '98.##3.147.252':80
- 'www.we#.de':80
- 'ns.#k2.net':53
- '67.##5.160.76':80
- DNS ASK www.we#.de
- DNS ASK www.ya##o.com
- DNS ASK ns.#k2.net