Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'owned' = '%WINDIR%\nicething.exe'
- %WINDIR%\nicething.exe
- %WINDIR%\thesex.dll
- %WINDIR%\luy82.txt
- C:\xcr.wmv
- %WINDIR%\nicething.exe
- %WINDIR%\luy82.txt
- C:\xcr.wmv
- 'www.si##.com':80
- '74.##5.232.51':80
- www.si##.com/cmd.txt
- www.si##.com/logger.php?ac#########################################################
- DNS ASK www.si##.com
- DNS ASK www.google.com