Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '285599c3' = 'rundll32.exe "%APPDATA%\laa.dll",b'
- <SYSTEM32>\rundll32.exe "%APPDATA%\laa.dll",a
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\fired[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\panel[1].htm
- %APPDATA%\laa.dll
- %APPDATA%\laa.dll
- 'd0####0.sytes.net':80
- d0####0.sytes.net/~pete19c/panel/fired.php?ai######################################
- d0####0.sytes.net/~pete19c/panel/?ai######################################
- DNS ASK d0####0.sytes.net