Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winfax12' = '%APPDATA%\Install\winfax12.exe'
- '%APPDATA%\Install\winfax12.exe'
- [<HKCU>\SOFTWARE\ORL\WinVNC3]
- %APPDATA%\Install\winfax12.exe
- %APPDATA%\Install\ntfs.dat
- 'ma##.##rongboltmail.com':465
- 'ba##ers.cc':80
- ba##ers.cc/free/cinp.php?cm###
- ba##ers.cc/free/loading.php
- DNS ASK ma##.##rongboltmail.com
- DNS ASK ba##ers.cc
- ClassName: 'Indicator' WindowName: ''