Техническая информация
Записи реестра (автозапуск и разрешённое приложение в брандмауэре Windows):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinDLL (service.exe)' = 'service.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'SysRun' = '{D7FFD784-5276-42D1-887B-00267870A4C7}'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\wininet.exe' = '<SYSTEM32>\wininet.exe:*:Enabled:Windows XP Update'
- %WINDIR%\service.exe
- <SYSTEM32>\winint.exe
- <SYSTEM32>\wininet.exe
- <SYSTEM32>\winint.exe
- %WINDIR%\service.exe
- <SYSTEM32>\wininet.exe
- <SYSTEM32>\svshost.dll
- <SYSTEM32>\winint.exe
Сетевые соединения (адрес:порт; часть символов в адресах заменена на «#»):
- '74.##5.232.51':25
- 'in#.####.messagingengine.com':25
- 'ma###.##gitalwaves.co.nz':25
- '94.##0.191.201':25
- 'ok###hops.com':80
- '72.##.144.26':443
- '77.##0.178.212':2327
- ok###hops.com?dd######################################################################
- ok###hops.com?dd################
- DNS ASK de
- DNS ASK gs####83.google.com
- DNS ASK ma###.##gitalwaves.co.nz
- DNS ASK in#.####.messagingengine.com
- DNS ASK or#
- DNS ASK mx#.mail.ru
- DNS ASK ok###hops.com
- DNS ASK gm######tp-in.l.google.com
- DNS ASK co#