Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe,%HOMEPATH%\Security\mscs.dat,'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\ntbackup.lnk
- %WINDIR%\Tasks\ntbackup.exe
- %HOMEPATH%\Security\mscs.dat
- %HOMEPATH%\Security\mscs.dat
- %WINDIR%\Tasks\ntbackup.exe
- 'lo####mesilenic.com':80
- 'li###oda.info':80
- '67.##5.160.76':80
- lo####mesilenic.com/
- li###oda.info/
- 67.##5.160.76/
- DNS ASK lo####mesilenic.com
- DNS ASK li###oda.info
- DNS ASK ya##o.com