Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\hwinterface] 'ImagePath' = 'System32\Drivers\hwinterface.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\hwinterface] 'Start' = '00000001'
- '<SYSTEM32>\msiexec.exe'
- <DRIVERS>\hwinterface.sys