Техническая информация
- %TEMP%\maztfilgtumha.js
- %TEMP%\bpaulbe_91256.exe
- %TEMP%\bpaulbe_29472.exe
- %TEMP%\bpaulbe_51263.exe
- http://rc###namade.com/do48kR
- http://ma####obilya.com/1d9qpc
- http://ha##tto.com/Syik4D
- http://lv#####turedirect.com/iK1Sub
- http://th####yhorse.com/UK3BvT
- http://pa###oards.com/8KJZdt
- http://el###cadote.com/tTEcWD
- http://li##uce.com/VkPU7c
- http://li##uce.com/cgi-sys/suspendedpage.cgi
- http://ev##ees.com/pEFWns
- http://be#####toolcentre.com/iHvSJf
- DNS ASK re######vewebtemplate.com
- DNS ASK tr######alsforhotels.com
- DNS ASK li##uce.com
- DNS ASK el###cadote.com
- DNS ASK re#####rsinsandiego.com
- DNS ASK pa###oards.com
- DNS ASK th####yhorse.com
- DNS ASK lv#####turedirect.com
- DNS ASK ob###ate.com
- DNS ASK ca###ecakes.com
- DNS ASK ho####tphuvinh.com
- DNS ASK cr####ljoias.com.br
- DNS ASK ha##tto.com
- DNS ASK st#####ryourhome.co.uk
- DNS ASK ma####obilya.com
- DNS ASK rc###namade.com
- DNS ASK ev##ees.com
- DNS ASK be#####toolcentre.com
- '<SYSTEM32>\wscript.exe' %TEMP%\MAzTfiLgtUmha.js