Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\htznbld] 'Start' = '00000002'
- '%WINDIR%\htznbld.exe' "" "<Полный путь к вирусу>"
- '%WINDIR%\htznbld.exe'
- <SYSTEM32>\config\systemprofile\Ky7d757rdtfygug4.ini
- %WINDIR%\ssleay32.dll
- %WINDIR%\htznbld.exe
- <SYSTEM32>\config\systemprofile\gx1uy1wp5qwe1.ini
- 'ga######pescortbayanlar.org':80
- ga######pescortbayanlar.org/crawl_going.php?99##################
- DNS ASK ga######pescortbayanlar.org