Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'DBModPrj' = '%APPDATA%\DBModPrj.exe'
- %APPDATA%\doc124.pdf
- %APPDATA%\DBModPrj.exe
- 'wp#d':80
- 'wr###eslve.tk':80
- 'wr####slve.fr.mu':80
- 'wr####slve.usa.cc':80
- http://11#.#11.111.1/wpad.dat via wp#d
- http://wr###eslve.tk/i.php?44#####
- http://wr####slve.fr.mu/i.php?18#####
- http://wr####slve.usa.cc/i.php?40#####
- DNS ASK wp#d
- DNS ASK wr###eslve.tk
- DNS ASK wr####slve.fr.mu
- DNS ASK wr####slve.usa.cc
- '%APPDATA%\DBModPrj.exe'