Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winfax12' = '%APPDATA%\Install\winfax12.exe'
- '%APPDATA%\Install\winfax12.exe'
- [<HKCU>\SOFTWARE\ORL\WinVNC3]
- %APPDATA%\Install\winfax12.exe
- %APPDATA%\Install\ntfs.dat
- 'ma##.##rongboltmail.com':465
- '88###nre.net':80
- 88###nre.net/newali/cinp.php?cm###
- 88###nre.net/newali/loading.php
- DNS ASK ma##.##rongboltmail.com
- DNS ASK 88###nre.net
- ClassName: 'Indicator' WindowName: ''