Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Internet Name Service] 'Start' = '00000002'
- '%WINDIR%\Temp\21865' -u "<SYSTEM32>\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\"
- '<SYSTEM32>\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe'
- '<SYSTEM32>\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe' /Service
- '<SYSTEM32>\cmd.exe' /c "%WINDIR%\TEMP\22019.bat"
- %WINDIR%\Temp\21865
- %WINDIR%\Temp\22019.bat
- <SYSTEM32>\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe
- <SYSTEM32>\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\queries-02.cache
- %WINDIR%\Temp\21865
- 'www.hy###setup.com':80
- 'www.hy###get.com':80
- www.hy###get.com/update2.php
- www.hy###setup.com/drm_check.php
- www.hy###get.com/drm_check.php
- DNS ASK www.hy###put.com
- DNS ASK www.hy###setup.com
- DNS ASK www.hy###get.com