Technical information
- [<HKLM>\System\CurrentControlSet\Services\hideprocess] 'ImagePath' = '%TEMP%\5195. dll'
- 'hideprocess' %TEMP%\\5195. dll
- 'hideprocess' %TEMP%\5195. dll
- %WINDIR%\syswow64\yuyuud3
- %TEMP%\5195. dll
- %WINDIR%\temp\udd450b.tmp
- %WINDIR%\syswow64\d978.dat
- %WINDIR%\syswow64\yuyuud3
- %WINDIR%\temp\udd450b.tmp
- http://wb#.##18z.com:8967/new/pro7.txt via wb#.#t18z.com
- DNS ASK wb#.#t18z.com