Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Movie' = '%TEMP%\dmw.exe'
- '<SYSTEM32>\net1.exe' stop uxsms
- '<SYSTEM32>\net.exe' stop uxsms
- 's.##p14.com':6651
- 'in.##whits.com':80
- in.##whits.com/n/cont.php
- DNS ASK in.##whits.com
- DNS ASK s.##p14.com
- ClassName: 'Indicator' WindowName: '(null)'