Техническая информация
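Автозапуск (запись в ветке Run текущего пользователя; программа стартует при каждом входе этого пользователя в систему):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'wincl' = '%APPDATA%\WinImv\winimv.exe'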
Запускаемые процессы (командные строки):
- '%APPDATA%\WinImv\winimv.exe'
- '<SYSTEM32>\cmd.exe' /c %APPDATA%\1.bat
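Затронутые файлы (на странице не указано, какие из них создаются, а какие удаляются; строки приведены как в исходном списке, включая повтор):
- %APPDATA%\1.bat
- %APPDATA%\WinImv\winimv.exe
- %APPDATA%\__check__6032.xyz
- %APPDATA%\__check__6032.xyz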
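Сетевые соединения (узел:порт). Символы '#' заменяют часть имени домена, поэтому для точного поиска по журналам DNS и прокси эти строки в таком виде не годятся — только для сопоставления по шаблону:
- 'ma####gememara.com':80
- 'we####brasil.com':80
- 'ko###rtownia.pl':80
- 'www.pe###nalsin.com':80
- 'ak###oicic.rs':80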
HTTP-запросы к корню сайта (открытым текстом, без TLS; метод запроса на странице не указан):
- http://ma####gememara.com/
- http://we####brasil.com/
- http://ko###rtownia.pl/
- http://www.pe###nalsin.com/
- http://ak###oicic.rs/
- DNS ASK ma####gememara.com
- DNS ASK we####brasil.com
- DNS ASK ko###rtownia.pl
- DNS ASK www.pe###nalsin.com
- DNS ASK ak###oicic.rs
- ClassName: 'Indicator' WindowName: ''