Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\wscsvc] 'Start' = '00000002'
- <SYSTEM32>\cmd.exe
- %WINDIR%\Explorer.EXE
- C:\RECYCLER\S-1-5-18\$2ebe1c2e2a38cb36436c4d1cb8c2630c\@
- C:\RECYCLER\S-1-5-21-2052111302-484763869-725345543-1003\$2ebe1c2e2a38cb36436c4d1cb8c2630c\n
- C:\RECYCLER\S-1-5-21-2052111302-484763869-725345543-1003\$2ebe1c2e2a38cb36436c4d1cb8c2630c\@
- '21#.#08.252.185':80
- 'pr####.fling.com':80
- 21#.#08.252.185/5699145-24B8EBEDAA47374020E664A2406FB684/counter.img?th###############################
- pr####.fling.com/geo/txt/city.php
- DNS ASK ��#�
- DNS ASK ��#�yG
- DNS ASK ��#�1
- DNS ASK ��#�Rd�
- DNS ASK ��#� r�
- DNS ASK pr####.fling.com
- DNS ASK ��#�/v
- DNS ASK ��#@�o�