Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{C240H4V0-Z645-TY0M-F9LH-5T35YC0HM05R}] 'StubPath' = '%CommonProgramFiles%\SERVICES\S-1-5-21-1303342014-1704936951-537590071-0504\se...
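- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Systems Update' = '%CommonProgramFiles%\SERVICES\S-1-5-21-1303342014-1704936951-537590071-0504\services.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Systems Update' = '%CommonProgramFiles%\SERVICES\S-1-5-21-1303342014-1704936951-537590071-0504\services.exe' (оба ключа обеспечивают автозапуск при входе пользователя в систему; файл services.exe расположен в %CommonProgramFiles%, а не в <SYSTEM32>, то есть лишь повторяет имя системного процесса)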
- '%TEMP%\M09912C.exe' (загружен из сети Интернет)
- '%TEMP%\M09912C.exe'
- '<SYSTEM32>\regsvr32.exe' /s "%CommonProgramFiles%\SERVICES\S-1-5-21-1303342014-1704936951-537590071-0504\mswinsck.ocx" (ключ /s — регистрация компонента без вывода диалоговых окон)
- %TEMP%\M09912C.exe
- 'de###forfun.com':80
- 'localhost':1039
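- '??######????wi-2.??n????':599 (имя узла содержит не-ASCII-символы и, по-видимому, искажено при перекодировке; ср. запись DNS ASK ниже)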
- http://de###forfun.com/authorized/_01.html
- DNS ASK de###forfun.com
- DNS ASK цa####зwi-2зnдш