Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'badlizlewefu' = '%HOMEPATH%\badlizlewefu.exe' (запись автозапуска: указанный файл запускается при каждом входе этого пользователя в систему)
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T (штатный компонент WMI в составе Windows; сам по себе его запуск не является признаком заражения)
- %HOMEPATH%\badlizlewefu.exe
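- <SYSTEM32>\wbem\Performance\WmiApRpl.ini (файл в системном каталоге WMI; вероятно, побочный результат работы wmiadap.exe, а не компонент вредоносной программы — требует проверки)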
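- '4e###nails.nl':443 (здесь и ниже: узел и порт сетевого подключения; часть символов в именах узлов заменена знаками '#', поэтому для блокировки или поиска в журналах нужны полные имена из исходного отчёта)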
- '4e###4you.de':443
- '4e##ates.eu':443
- '9v###r95bfux.sy':443
- '4e##orts.eu':443
- '4e##rweb.nl':443
- '0h###icap.at':443
- '9n##nzig.de':443
- '4e####lashlight.de':443
- '7a##ble.be':443
- '9n##web.it':443
- 'ac###nting.ee':443
- '4e###music.pl':443
- '4e##ry1.cc':443
- '4e###andever.de':443
- DNS ASK 4e###nails.nl
- DNS ASK 4e###4you.de
- DNS ASK 4e##ates.eu
- DNS ASK 9v###r95bfux.sy
- DNS ASK 4e##orts.eu
- DNS ASK 4e##rweb.nl
- DNS ASK 0h###icap.at
- DNS ASK 9n##nzig.de
- DNS ASK 4e####lashlight.de
- DNS ASK 7a##ble.be
- DNS ASK 9n##web.it
- DNS ASK ac###nting.ee
- DNS ASK 4e###music.pl
- DNS ASK 4e##ry1.cc
- DNS ASK 4e###andever.de
- ClassName: 'Indicator' WindowName: ''