Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'SecurityWIN64' = 'Wscript.exe "%APPDATA%\windows.vbs"'
- '<SYSTEM32>\ping.exe' -n 1 q.readywin13.com
- '<SYSTEM32>\wscript.exe' "%APPDATA%\windows.vbs"
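- %ALLUSERSPROFILE%\MZђ (последний символ имени, по-видимому, — байт 0x90, отображённый в кодировке Windows-1251; при поиске по индикаторам имя файла стоит сверять побайтно)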
- %ALLUSERSPROFILE%\ppctrl.dat
- %TEMP%\2602.tmp
- %ALLUSERSPROFILE%\pckt.tmp
- %APPDATA%\windows.vbs
- %ALLUSERSPROFILE%\ppctrl.dat
- %APPDATA%\windows.vbs
- %TEMP%\2602.tmp
- '19#.#5.45.97':80
- 'localhost':1037
- 'q.####ywin13.com':80
- 19#.#5.45.97/br/file/comphp.php?ti#######################################
- q.####ywin13.com/bisdtpck.txt
- q.####ywin13.com/bisupdpck.txt
- DNS ASK q.####ywin13.com