Техническая информация
- Автозапуск при входе пользователя в систему (параметр в ключе Run): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '6ca0d' = '%APPDATA%\6ca0d\71e8dfe56c.exe'
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %APPDATA%\6ca0d\71e8dfe56c.exe (тот же файл, что указан в параметре автозапуска '6ca0d')
- 'be###brno.com':80
- 'ap####nerals.com.au':80
- 'th######shirtsonline.com':80
- 'it####shkino.org':80
- 'no####lbanks.com':80
- http://no####lbanks.com/PtXsO_.php?n=###########
- http://it####shkino.org/D2BE6m.php?r=##############
- DNS ASK be###brno.com
- DNS ASK ap####nerals.com.au
- DNS ASK th######shirtsonline.com
- DNS ASK it####shkino.org
- DNS ASK no####lbanks.com
- ClassName: 'Indicator' WindowName: ''