Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSrv] 'ImagePath' = '<SYSTEM32>\WinSrv.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSrv] 'Start' = '00000002'
- '<SYSTEM32>\WinSrv.exe'
- '<SYSTEM32>\cmd.exe' del <Полный путь к файлу> >> NUL
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\WinSrv.exe
- 'ma####sweetnow.ru':443
- 'st####growlite.ru':443
- 'la###tronig.ru':443
- 'de####regmont.com':443
- 'fe####otusdry.ru':443
- 'de####inelife.ru':443
- 'to###ehen.com':443
- 'so###robuse.ru':443
- 'ro###rabdidn.ru':443
- 'dr###tfirst.com':443
- 'de#####terightlight.com':443
- 'st####stnolige.ru':443
- 'we####rtender.ru':443
- 'se####eformerlu.ru':443
- 'fa#####strongwolf.com':443
- 'bi####tankforme.com':443
- 'ne#####fuckwishes.com':443
- 'la###oalfond.ru':443
- 'fi####arlist.com':443
- 'co####arvodka.ru':443
- 'fo####wgodhome.com':443
- 'fa####wyeardrunk.ru':443
- DNS ASK st####growlite.ru
- DNS ASK de####inelife.ru
- DNS ASK ma####sweetnow.ru
- DNS ASK fe####otusdry.ru
- DNS ASK la###tronig.ru
- DNS ASK dr###tfirst.com
- DNS ASK so###robuse.ru
- DNS ASK ca###herol.ru
- DNS ASK to###ehen.com
- DNS ASK de#####terightlight.com
- DNS ASK ro###rabdidn.ru
- DNS ASK de####regmont.com
- DNS ASK st####stnolige.ru
- DNS ASK we####rtender.ru
- DNS ASK se####eformerlu.ru
- DNS ASK fa#####strongwolf.com
- DNS ASK bi####tankforme.com
- DNS ASK ne#####fuckwishes.com
- DNS ASK la###oalfond.ru
- DNS ASK fi####arlist.com
- DNS ASK co####arvodka.ru
- DNS ASK fo####wgodhome.com
- DNS ASK fa####wyeardrunk.ru