Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'PXGurmVxd' = '%APPDATA%\VlkZWLYPo.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- %APPDATA%\VlkZWLYPo.exe:ZONE.identifier
- %APPDATA%\VlkZWLYPo.exe
- %APPDATA%\fp.txt
- 'wm##ot.org':80
- wm##ot.org/run.php
- DNS ASK wm##ot.org
- ClassName: 'Indicator' WindowName: ''