Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\bf32d3b0] 'ImagePath' = '<Full path to file>'
- [<HKLM>\SYSTEM\ControlSet001\Services\bf32d3b0] 'Start' = '00000002'
- '<SYSTEM32>\sc.exe' start bf32d3b0
- '<SYSTEM32>\cmd.exe' /c sc start bf32d3b0
- %WINDIR%\Temp\MSQFFHN.tmp
- 'g-#.cool':80
- http://g-#.cool/dirbak.php
- http://g-#.cool/dir.php
- http://g-#.cool/ver532.php
- DNS ASK g-#.cool