Техническая информация
- %WINDIR%\Tasks\{094546C9-1B8A-3CFC-965F-E873BE4F490A}.job
- '%APPDATA%\LWLCWLRQ\xFNYsGts\BAfugwFJ\KKCBbxQaW.exe'
- '<SYSTEM32>\svchost.exe' -k netsvcs
- <SYSTEM32>\svchost.exe
- [<HKCU>\Software\Microsoft\messengerservice]
- %APPDATA%\LWLCWLRQ\xFNYsGts\BAfugwFJ\KKCBbxQaW.exe
- 'li#####moneyssite.net':80
- 'fr#####tlecountry.net':80
- 'do###nswer.net':80
- http://do###nswer.net/gate/sreport.php?ui############################################################
- http://li#####moneyssite.net/scans.php
- http://fr#####tlecountry.net/scans.php
- http://do###nswer.net/scans.php
- DNS ASK li#####moneyssite.net
- DNS ASK fr#####tlecountry.net
- DNS ASK do###nswer.net