Техническая информация
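Закрепление в системе — значение в ключе ShellServiceObjectDelayLoad (объект с указанным CLSID загружается при запуске оболочки Windows):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'WinInit' = '{8F8772E5-D451-4E80-829A-61A77A550D0A}'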
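Изменение параметров брандмауэра Windows — записи в списке разрешённых приложений стандартного профиля (заданы только именем файла, без полного пути; область «*», состояние Enabled):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] 'IEXPLORE.EXE' = 'IEXPLORE.EXE:*:Enabled:IEXPLORE'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] 'svchost.exe' = 'svchost.exe:*:Enabled:svchost'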
- <SYSTEM32>\sendlog.exe
- <SYSTEM32>\msprint.dll
- <SYSTEM32>\winsock32.dll
Подключения к узлам по порту 80 (имена узлов частично скрыты символами «#»):
- 'www.me##est.org':80
- 'www.br#####hleyjones.com':80
Обращения к URL (на обоих узлах один и тот же путь /img/scripts/counter_5/counter.php):
- www.me##est.org/img/scripts/counter_5/counter.php
- www.br#####hleyjones.com/img/scripts/counter_5/counter.php
DNS-запросы:
- DNS ASK www.me##est.org
- DNS ASK www.br#####hleyjones.com