Техническая информация
- Автозапуск при входе пользователя в систему — значение в ключе Run: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ce16e' = '%APPDATA%\ce16e\b716fce1.exe'
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %APPDATA%\ce16e\b716fce1.exe (тот же путь указан в значении 'ce16e' ключа Run)
- 'wi###a.com.br':80 (здесь и далее знаки # стоят на месте скрытых символов; 80 — стандартный порт HTTP)
- 'zh##an.kz':80
- 'lo##d.kz':80
- 'gi###osa.com':80
- URL запроса по HTTP: http://zh##an.kz/TSOXQL.php?a=########## (значение параметра a скрыто)
- DNS ASK (DNS-запрос имени) wi###a.com.br
- DNS ASK zh##an.kz
- DNS ASK lo##d.kz
- DNS ASK gi###osa.com
- ClassName: 'Indicator' WindowName: ''