Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WinSrv' = '%TEMP%\windows-sync.exe'
- %TEMP%\windows-sync.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ret[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\job[1].php
- %TEMP%\windows-sync.exe
- %TEMP%\windows-sync.exe
- 'wi###ritas.com':80
- wi###ritas.com/ret.php?cp##################
- wi###ritas.com/job.php
- DNS ASK wi###ritas.com
- '<IP-адрес в локальной сети>':1036
- ClassName: 'Indicator' WindowName: ''