Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'waffi' = '%APPDATA%\waffi\waffi.exe'
- installutil.exe
- %TEMP%\c7ebace9-d4f3-4576-b8fe-2fe996e42813\fdf.dll
- %TEMP%\installutil.exe
- %TEMP%\b35bc50e-fc56-4239-a7d0-bb79118b31c9\agiledotnetrt.dll
- %APPDATA%\waffi\waffi.exe
- %APPDATA%\waffi\waffi.exe
- 'cc##29.com':80
- http://www.cc##29.com/origin/inc/d20ee25f58c495.php
- DNS ASK cc##29.com
- '%TEMP%\installutil.exe'