Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'windows-plugin-91496' = '%HOMEPATH%\Local Settings\History\0FABFBFF000206D7xx\windows-plugin-91496.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'windows_install-109754' = '%APPDATA%\0FABFBFF000206D7xx\windows_install-109754.exe'
- %HOMEPATH%\Local Settings\History\0FABFBFF000206D7xx\windows-plugin-91496.exe
- %APPDATA%\0FABFBFF000206D7xx\windows_install-109754.exe
- %HOMEPATH%\Local Settings\History\0FABFBFF000206D7xx\windows-plugin-91496.exe
- %APPDATA%\0FABFBFF000206D7xx\windows_install-109754.exe
- 'at.#xnet.to':80
- 'wp#d':80
- wp#d/wpad.dat
- at.#xnet.to/kp/connect.php
- DNS ASK at.#xnet.to
- DNS ASK wp#d