Техническая информация
- Автозапуск при входе пользователя в систему (ключ Run в ветке текущего пользователя): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '42B8C8E4' = '%APPDATA%\42B8C8E4\bin.exe'
- %WINDIR%\explorer.exe
- iexplore.exe
- Процесс iexplore.exe, модуль wininet.dll
- Процесс firefox.exe, модуль nss3.dll
- %APPDATA%\42b8c8e4\bin.exe
- %LOCALAPPDATA%low\42b8c8e4\log.dat
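- 'xp####iguyqw.com':80 (здесь и ниже символы «#» в именах доменов — по-видимому, маскировка части имени; для точного сопоставления индикаторов нужны полные имена)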
- 'jw###xyscndd.in':80
- 'rr###wvjvmil.in':80
- 'mc###jrretsc.in':80
- 'td###gmogglu.in':80
- http://jw###xyscndd.in/da0dshjk567hjcq0rk/
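- DNS ASK xp####iguyqw.com (здесь и ниже «DNS ASK» — DNS-запрос на разрешение имени; судя по списку, схожие имена запрашиваются сразу в нескольких зонах: .com, .net, .in, .ru)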
- DNS ASK jw####yscndd.com
- DNS ASK jw####yscndd.net
- DNS ASK jw###xyscndd.in
- DNS ASK jw###xyscndd.ru
- DNS ASK rr####vjvmil.com
- DNS ASK rr####vjvmil.net
- DNS ASK rr###wvjvmil.in
- DNS ASK rr###wvjvmil.ru
- DNS ASK mc####rretsc.com
- DNS ASK mc####rretsc.net
- DNS ASK mc###jrretsc.in
- DNS ASK mc###jrretsc.ru
- DNS ASK td####mogglu.com
- DNS ASK td####mogglu.net
- DNS ASK td###gmogglu.in
- '%WINDIR%\syswow64\explorer.exe'