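Техническая информация
Примечание: символы «#» в именах доменов ниже, по-видимому, маскируют часть имени; для точного сопоставления в правилах обнаружения нужны полные значения из первоисточника.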
- Автозапуск при входе пользователя в систему (ключ Run): [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] '85B715BD' = '%APPDATA%\85B715BD\bin.exe'
- %WINDIR%\explorer.exe
- firefox.exe
- %APPDATA%\85b715bd\bin.exe
- 'if####sfiiqr.com':80
- 'iv####tohghc.com':80
- 'fj####ccuuhc.com':80
- 'pi####ohnnip.com':80
- http://iv####tohghc.com/br01ot0a7a0to10u/
- http://fj####ccuuhc.com/br01ot0a7a0to10u/
- http://pi####ohnnip.com/br01ot0a7a0to10u/
- DNS ASK or###nogf.su
- DNS ASK ej####hpkjiv.com
- DNS ASK px####ghuvyp.com
- DNS ASK vt####wwcgwl.com
- DNS ASK fc####rroyee.com
- DNS ASK iu####ttpqbo.com
- DNS ASK ll####wpphii.com
- DNS ASK if####hxsmns.com
- DNS ASK yd####kmxpom.com
- DNS ASK kb####dqrkps.com
- DNS ASK lb####tcifgd.com
- DNS ASK fq####mugqlc.com
- DNS ASK iv####iiottw.com
- DNS ASK de####kmpjfp.com
- DNS ASK ih####ddqqyh.com
- DNS ASK nr####xyohuk.com
- DNS ASK fs####gvlmlk.com
- DNS ASK yq####hdefnq.com
- DNS ASK nn####ilyiyy.com
- DNS ASK vv####tbkvcs.com
- DNS ASK ed####tducvy.com
- DNS ASK fj####ccuuhc.com
- DNS ASK iv####tohghc.com
- DNS ASK ih####yqmhim.com
- DNS ASK ll####poefxy.com
- DNS ASK if####sfiiqr.com
- DNS ASK jn####kpihgc.com
- DNS ASK hd####uhgkop.com
- DNS ASK pi####ohnnip.com
- '%WINDIR%\syswow64\winver.exe'