Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\bit49e.tmp
- %WINDIR%\tasks\regsv.job
- <SYSTEM32>\tasks\regsv
- %WINDIR%\syswow64\extrac32.exe
- %WINDIR%\syswow64\cmd.exe
- %TEMP%\61b2d2e9.png
- %APPDATA%\identities\bitfb17.tmp
- %TEMP%\5b7195be.lnk
- %APPDATA%\identities\bitfb17.tmp
- %APPDATA%\microsoft\windows\start menu\programs\startup\bit49e.tmp
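- %APPDATA%\identities\bitfb17.tmp перемещается (переименовывается) в %APPDATA%\identities\regsv.exe — временный файл получает расширение .exe, а его имя совпадает с именем задания планировщика regsv из списка выше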
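- 'ga######milk.oreoblanco.ltd':6640 (символы «#», по-видимому, скрыты в самом отчёте; строку в таком виде нельзя использовать как точный индикатор — для поиска в журналах пригодны домен второго уровня oreoblanco.ltd и порт 6640)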
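- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt (адрес на домене microsoft.com, судя по пути — файл корневого сертификата Microsoft; сам по себе вредоносным индикатором, по-видимому, не является и в списки блокировки включаться не должен)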
- DNS ASK i.##gur.com
- DNS ASK microsoft.com
- DNS ASK ga######milk.oreoblanco.ltd
- '%WINDIR%\syswow64\extrac32.exe'
- '%WINDIR%\syswow64\cmd.exe'