Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ln0626' = ''
- '<SYSTEM32>\rundll32.exe' "%CommonProgramFiles%\system\ln0626.dll",RemoveMe <Полный путь к вирусу>
- '<SYSTEM32>\rundll32.exe' "%CommonProgramFiles%\system\ln0626.dll",RunDll
- %CommonProgramFiles%\System\ln0626.dll
- 'ke####.audi29.com':118
- 'ke####.audi29.com':110
- 'ke###.audi29.com':100
- 'ke###.audi29.com':94
- 'ke####.audi29.com':113
- 'ke####.audi29.com':111
- 'ke####.audi29.com':112
- 'ke####.audi29.com':119
- '<IP-адрес в локальной сети>':0
- '22#.#31.29.16':6380
- 'ke####.audi29.com':115
- 'ke####.audi29.com':114
- 'ke####.audi29.com':116
- DNS ASK ke###.audi29.com
- DNS ASK ke####.audi29.com