Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'JoCa' = 'C:\WiinUpdate\Update.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'YAKUS' = 'C:\WiinUpdate\svhosts.exe'
- '<SYSTEM32>\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "JoCa" /d C:\WiinUpdate\Update.exe /t "REG_SZ" /f
- '<SYSTEM32>\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "YAKUS" /d C:\WiinUpdate\svhosts.exe /t "REG_SZ" /f