Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '"%HOMEPATH%\WINDOWS\svchost.exe" start'
- '%HOMEPATH%\WINDOWS\svchost.exe' start
- '<SYSTEM32>\ipconfig.exe' /flushdns
- %HOMEPATH%\WINDOWS\svchost.exe
- %HOMEPATH%\WINDOWS\svchost.exe
- 'any':1174
- DNS ASK 86#######bde8b2ae.servehttp.com
- DNS ASK 86#######bde8b2ae.servegame.com
- DNS ASK 86##########8b2ae.servecounterstrike.com
- DNS ASK 86######ebde8b2ae.zapto.org
- DNS ASK 86########de8b2ae.servequake.com
- DNS ASK 86#######bde8b2ae.servemp3.com
- DNS ASK 86#######bde8b2ae.bounceme.net
- DNS ASK 86#######bde8b2ae.no-ip.info
- DNS ASK 86######ebde8b2ae.no-ip.biz
- DNS ASK 86#######bde8b2ae.servebeer.com
- DNS ASK 86######ebde8b2ae.myvnc.com
- DNS ASK 86######ebde8b2ae.myftp.biz
- ClassName: 'MS_WINHELP' WindowName: '(null)'