Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Firewall' = 'C:\File Backup\Backup.exe'
- 'C:\svshost.exe'
- 'C:\svshost.exe' (downloaded from the Internet)
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 1
- C:\File Backup\Backup.exe
- C:\svshost.exe
- C:\svshost.exe
- 's1.###ectxex.com':80
- 'we#######musa.altervista.org':80
- 'wp#d':80
- we#######musa.altervista.org/link1.html
- s1.###ectxex.com/uploads/LmCgmj-9k-7bTGdTvQz3OEzj1_wMZvtmHBPL1zv_6FuOLZ872naZE4qKSujqXTy-cln4ObuB1Osj4DGlmmsN72n2YCpM1eJXqYC1
- wp#d/wpad.dat
- we#######musa.altervista.org/link2.html
- DNS ASK s1.###ectxex.com
- DNS ASK we#######musa.altervista.org
- DNS ASK wp#d
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_traywnd' WindowName: ''