Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ComRepl' = '<SYSTEM32>\comrepl.exe /com /w'
- <SYSTEM32>\comrepl.exe
- 'www.la###ses.com':80
- 're##.upseek.org':80
- www.la###ses.com/img/gt.cgi?s=################
- re##.upseek.org/r=laugt1|http://www.laderses.com/img/gt.cgi?s=################
- re##.upseek.org/r=mut2
- re##.upseek.org/r=inst1
- DNS ASK www.la###ses.com
- DNS ASK re##.upseek.org