Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Host Process For Windows Service' = '%APPDATA%\Microsoft Service\svchost.exe'
- '%APPDATA%\Microsoft Service\svchost.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\win617601.vbs"
- %TEMP%\win617601.vbs
- %APPDATA%\Microsoft Service\svchost.exe
- %APPDATA%\sn.dat1
- %TEMP%\win617601.vbs
- %APPDATA%\Microsoft Service\svchost.exe
- %APPDATA%\sn.dat1
- 'si####new.funpic.de':80
- 'wp#d':80
- si####new.funpic.de/image2.jpeg
- wp#d/wpad.dat
- DNS ASK si####new.funpic.de
- DNS ASK wp#d