Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\wscsvc] 'Start' = '00000002'
- <SYSTEM32>\cmd.exe
- %WINDIR%\Explorer.EXE
- C:\RECYCLER\S-1-5-18\$2ebe1c2e2a38cb36436c4d1cb8c2630c\@
- C:\RECYCLER\S-1-5-21-2052111302-484763869-725345543-1003\$2ebe1c2e2a38cb36436c4d1cb8c2630c\n
- C:\RECYCLER\S-1-5-21-2052111302-484763869-725345543-1003\$2ebe1c2e2a38cb36436c4d1cb8c2630c\@
- <SYSTEM32>\wbem\Logs\wbemess.lo_
- 'any':80
- 'pr####.fling.com':80
- any/5699017-3C912481A04E584CDF231C519E1DF857/counter.img?th##########################
- pr####.fling.com/geo/txt/city.php
- DNS ASK pz#lŃ
- DNS ASK pz#��
- DNS ASK pz#
- DNS ASK pz#���-
- DNS ASK pz#s*�
- DNS ASK pz#usӱ
- DNS ASK pr####.fling.com
- DNS ASK pz#⻎j
- DNS ASK pz#��γ