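Техническая информация (в именах доменов и параметрах запросов часть символов заменена на «#», поэтому эти значения нельзя использовать для точного сопоставления)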
- Автозапуск при входе пользователя в систему: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '057c9' = '%APPDATA%\057c9\b8e8447605.exe'
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %APPDATA%\057c9\b8e8447605.exe (тот же путь, что указан в значении '057c9' ключа Run)
- 'pc.###-to-all.com':80
- 'be###brno.com':80
- 'ac##.org.au':80
- 'in#####iandomains.com':80
- 'as#####esigns.com.au':80
- 'ev####travel.co.uk':80
- 'ya####ickglobal.in':80
- 'th######shirtsonline.com':80
- http://pc.###-to-all.com/Ryfq7Y.php?z=############
- http://be###brno.com/MixtUZ.php?p=############
- http://th######shirtsonline.com/CF9iM8.php?m=##########
- DNS ASK in#####iandomains.com
- DNS ASK pc.###-to-all.com
- DNS ASK jj###pbell.com (в списке подключений на порт 80 этого домена нет)
- DNS ASK ac##.org.au
- DNS ASK be###brno.com
- DNS ASK as#####esigns.com.au
- DNS ASK ev####travel.co.uk
- DNS ASK ya####ickglobal.in
- DNS ASK th######shirtsonline.com
- ClassName: 'Indicator' WindowName: ''