Техническая информация
Записи автозапуска в реестре (ключи Run и Active Setup; во всех трёх указан один и тот же файл, в StubPath — с аргументом Restart):
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Cerberus' = '<SYSTEM32>\System32\Dws.exe.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Cerberus' = '<SYSTEM32>\System32\Dws.exe.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{H70IGJYW-A6P0-OSM4-OO5Y-737VPI2XRT7F}] 'StubPath' = '<SYSTEM32>\System32\Dws.exe.exe Restart'
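Пути к файлам (список приведён дважды; вероятно, заголовки двух разделов исходного отчёта утрачены). Файл svchost.exe вне системного каталога и двойное расширение .exe.exe — типичные признаки маскировки под системные файлы:
- %TEMP%\winamp\svchost.exe
- %WINDIR%\syswow64\system32\dws.exe.exe
- %WINDIR%\syswow64\system32\database.dat
- %TEMP%\winamp\svchost.exe
- %WINDIR%\syswow64\system32\dws.exe.exe
- %WINDIR%\syswow64\system32\database.dat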
Сетевая активность (узел:порт и DNS-запрос; символы #### скрывают часть имени узла):
- 'no####.sytes.net':100
- 'localhost':100
- DNS ASK no####.sytes.net
- '%TEMP%\winamp\svchost.exe'