Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Far2' = '%APPDATA%\Microsoft\crtgjirh\wsarevsf.exe'
- %WINDIR%\syswow64\explorer.exe
- %APPDATA%\microsoft\crtgjirh\wsarevsf.exe
- %APPDATA%\microsoft\crtgjirh\wsarevsf.exe
- 'localhost':80
- http://ja##.com/
- DNS ASK support.microsoft.com
- DNS ASK ja##.com
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe'
- '%WINDIR%\syswow64\explorer.exe'