Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Local Security Authortity Process' = '%APPDATA%\Microsoft\lsass.exe'
- %APPDATA%\Microsoft\lsass.exe
- %APPDATA%\7za.exe x "%APPDATA%\Microsoft\a1.7z" -aoa -o"%APPDATA%\Microsoft" -psmells
- %APPDATA%\Microsoft\n
- %TEMP%\nsl3.tmp\ExecDos.dll
- %APPDATA%\Microsoft\lsass.exe
- %TEMP%\nsz2.tmp
- %APPDATA%\7za.exe
- %APPDATA%\Microsoft\a1.7z
- %TEMP%\nsl3.tmp\ExecDos.dll
- 'mi###dreamz.com':80
- mi###dreamz.com/adbox/submit.php
- mi###dreamz.com/adbox/submit.php?mo######################
- DNS ASK mi###dreamz.com