Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'wowsng' = 'rundll32.exe "%TEMP%\wowsng.dll",ComputeTangentFrame'
- '<SYSTEM32>\rundll32.exe' "%TEMP%\wowsng.dll",LoadMemory
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\id=AQASAAEA4CICAAEFBhcAAAAAAAAAAAAAAAAAAAAlDAQGCwAAANJuahDhEciCrLhtgiZvmW8AAFVVVVVVVVVVVVVVVVVVVVXtCdIBpN3XROMKAgBWVFFcXl...
- %TEMP%\wowsng.dll
- '12#####.#reatfilehosting.net':80
- http://12#####.#reatfilehosting.net/file/id=AQASAAEA4CICAAEFBhcAAAAAAAAAAAAAAAAAAAAlDAQGCwAAANJuahDhEciCrLhtgiZvmW8AAFVVVVVVVVVVVVVVVVVVVVXtCdIBpN3XROMKAgBWVFFcXlNCWH9nd3RrZ3hqegYBAjRW&rt=AAAAA...
- DNS ASK 12#####.#reatfilehosting.net