Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\aspnet_states] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\DSLserverorm] 'Start' = '00000002'
- '%TEMP%\100.exe'
- '<SYSTEM32>\hujzua.exe'
- '%TEMP%\vip.exe'
- '<SYSTEM32>\aaeaaa.exe'
- <SYSTEM32>\aaeaaa.exe
- <SYSTEM32>\hujzua.exe
- %TEMP%\vip.exe
- %TEMP%\100.exe
- %TEMP%\100.exe в %TEMP%\SOFTWARE.LOG
- 'any':1001
- 'any':1002
- DNS ASK ap#.#oho1z.com
- DNS ASK ge###.api520.com
- DNS ASK cc.##i520.com