Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\17759] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\17759] 'ImagePath' = '%WINDIR%\system\177596.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '\' = '%WINDIR%\system\177596.exe:*:Enabled:KL'
- %WINDIR%\web\result.dark
- %WINDIR%\web\ddid
- %WINDIR%\web\ddnm
- %WINDIR%\web\ddsn
- %WINDIR%\system\177596.exe
- '19#.#05.240.59':80
- DNS ASK di###w0rk.net
- DNS ASK co###net.net
- '%WINDIR%\system\177596.exe' /start
- '%WINDIR%\system\177596.exe'