Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'a282bf3354' = '%APPDATA%\a282bf3354\a282bf3354.exe'
- Компонент восстановления системы (SR)
- '<SYSTEM32>\svchost.exe' netsvcs
- '%WINDIR%\explorer.exe'
- <SYSTEM32>\svchost.exe
- %WINDIR%\explorer.exe
- %APPDATA%\a282bf3354\a282bf3354.exe
- 'ce###rgaz.pl':80
- 'sh###wdent.ro':80
- '11#.##v.chand.co':80
- 'bl##.redirc.org':80
- http://ce###rgaz.pl/o37Zdh.php?q=############
- http://sh###wdent.ro/y2Fadf.php?f=############
- http://11#.##v.chand.co/y_Gqd0.php?w=############
- http://bl##.redirc.org/sfPBGw.php?u=############
- DNS ASK ce###rgaz.pl
- DNS ASK sh###wdent.ro
- DNS ASK 11#.##v.chand.co
- DNS ASK bl##.redirc.org