Техническая информация
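- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Internet Name Service] 'Start' = '00000002' (значение Start = 2 означает автоматический запуск службы при загрузке системы; имя раздела повторяет название штатного компонента Windows — WINS)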
- '<SYSTEM32>\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe'
- '%WINDIR%\Temp\32732' -u "<SYSTEM32>\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\"
- '%TEMP%\7ZipSfx.000\explorer.exe'
- '<SYSTEM32>\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe' /Service
- '<SYSTEM32>\cmd.exe' /c "%WINDIR%\TEMP\134.bat"
- <SYSTEM32>\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\queries-02.cache
- %WINDIR%\Temp\32732
- %WINDIR%\Temp\134.bat
- %TEMP%\7ZipSfx.000\config.txt
- %TEMP%\7ZipSfx.000\explorer.exe
- <SYSTEM32>\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe
- %WINDIR%\Temp\32732
- %TEMP%\7ZipSfx.000\explorer.exe
- %TEMP%\7ZipSfx.000\config.txt
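- 'www.hy###get.com':80 (здесь и ниже символы «###», недопустимые в доменных именах, скрывают часть имени; для блокировки или поиска по журналам DNS и прокси нужно полное имя из первоисточника)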
- www.hy###get.com/drm_check.php
- DNS ASK www.hy###setup.com
- DNS ASK www.hy###put.com
- DNS ASK www.hy###get.com