Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winscvt' = '<SYSTEM32>\winscvt.exe'
- '<SYSTEM32>\winscvt.exe'
- <SYSTEM32>\nvzsvcc.exe
- <SYSTEM32>\libcurl-4.dll
- <SYSTEM32>\pthreadGC2.dll
- %APPDATA%\keys_4f33c061f9adcfd4598ad125f7515b6c.txt
- <SYSTEM32>\winscvt.exe
- <SYSTEM32>\WinGuard.exe
- %APPDATA%\keys_4f33c061f9adcfd4598ad125f7515b6c.txt
- 'ok##es.org':80
- 'wp#d':80
- wp#d/wpad.dat
- DNS ASK ok##es.org
- DNS ASK wp#d