Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\WinHost] 'ImagePath' = '<SYSTEM32>\WinHost.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinHost] 'Start' = '00000002'
- '<SYSTEM32>\WinHost.exe'
- '<SYSTEM32>\cmd.exe' del <Полный путь к вирусу> >> NUL
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\WinHost.exe
- 'fi####upworlds.com':443
- 'fo###whell.ru':443
- 'as####rspace.com':443
- 'sp###anwore.com':443
- 'go###tforus.ru':443
- 'we###rtales.ru':443
- 'fa#####viceworld.com':443
- 'se###lefnom.ru':443
- 'sh###worlds.ru':443
- 'qu####orworld.com':443
- 'me###istran.com':443
- 'sw###awert.com':443
- 'sr###echno.com':443
- 'se####atmiru.com':443
- 've###rusural.ru':443
- 'se####glandam.ru':443
- 'we###tumbahn.ru':443
- 'pe###nasconn.ru':443
- 're####ratormira.ru':443
- DNS ASK fi####upworlds.com
- DNS ASK fo###whell.ru
- DNS ASK as####rspace.com
- DNS ASK sp###anwore.com
- DNS ASK go###tforus.ru
- DNS ASK we###rtales.ru
- DNS ASK fa#####viceworld.com
- DNS ASK se###lefnom.ru
- DNS ASK sh###worlds.ru
- DNS ASK qu####orworld.com
- DNS ASK me###istran.com
- DNS ASK sw###awert.com
- DNS ASK sr###echno.com
- DNS ASK se####atmiru.com
- DNS ASK ve###rusural.ru
- DNS ASK se####glandam.ru
- DNS ASK we###tumbahn.ru
- DNS ASK pe###nasconn.ru
- DNS ASK re####ratormira.ru