Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{FB917500-D800-4000-0000-D85ACCBC50}' = '"%APPDATA%\{FB917500-D800-4000-0000-D85ACCBC50}\chinotyafg.exe"' (ключ Run в HKCU: указанный файл запускается при каждом входе этого пользователя в систему)
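- %WINDIR%\syswow64\svchost.exe (штатный путь системного файла Windows; сам по себе этот путь индикатором компрометации не служит, роль процесса на странице не указана)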
- %APPDATA%\{fb917500-d800-4000-0000-d85accbc50}\chinotyafg.exe
- %APPDATA%\{fb917500-d800-4000-0000-d85accbc50}\36640f60.dat
- %APPDATA%\{fb917500-d800-4000-0000-d85accbc50}\3687da2e.dat
- %APPDATA%\{fb917500-d800-4000-0000-d85accbc50}\36aba4fc.dat
- %APPDATA%\{fb917500-d800-4000-0000-d85accbc50}\qww9ce1k.dat
- %APPDATA%\{fb917500-d800-4000-0000-d85accbc50}\m9k3awi7.dat
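- http://www.google.com/webhp
- DNS ASK google.com (google.com — легитимный ресурс; вероятно, обращение служит проверкой доступа к сети, поэтому как индикатор или правило блокировки оно непригодно)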
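- DNS ASK ri###ifer.info (символы ###, по всей видимости, маска: часть имени домена на странице скрыта, полного значения здесь нет)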
- '%WINDIR%\syswow64\svchost.exe'