Техническая информация
Автозапуск (запись в ключе реестра Run, срабатывает при входе пользователя в систему):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sisproc2' = '<SYSTEM32>\mrealon8.exe'
Запускаемые процессы:
- '%WINDIR%\impon0815.exe'
- '%WINDIR%\impon0815.exe' (загружен из сети Интернет)
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 3 -w 1000
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\__tmp0701__.bat
Затрагиваемые файлы:
- %WINDIR%\agonyk.dll
- %WINDIR%\__tmp0701__.bat
- %WINDIR%\impon0815.exe
- <SYSTEM32>\mrealon8.exe
- %WINDIR%\impon0815.exe
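Сетевые подключения (хост:порт; символы «#» заменяют часть имени, поэтому использовать эти имена как индикаторы можно только в виде шаблона):
- 'ap#####wn.cafe24.com':80
- 'sp###t123.net':80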
HTTP-запросы (URL):
- http://ap#####wn.cafe24.com/update/spirit321.exe
- http://ap#####wn.cafe24.com/update/3infobar.dll
- http://sp###t123.net/count/count.php?id###
- http://ap#####wn.cafe24.com/dll5_2/improve2.exe
DNS-запросы:
- DNS ASK ap#####wn.cafe24.com
- DNS ASK sp###t123.net