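Техническая информация
(Символы «#» в IP-адресах и доменных именах ниже, по-видимому, являются маскировкой; в таком виде эти значения не являются полными индикаторами и не подходят для точного сопоставления.)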
- [<HKLM>\SYSTEM\ControlSet001\Services\mmcsle] 'ImagePath' = '<Полный путь к файлу>'
- [<HKLM>\SYSTEM\ControlSet001\Services\mmcsle] 'Start' = '00000002' (значение 2 — автоматический запуск службы при старте системы)
- %TEMP%\~ax1.tmp
- <Текущая директория>\~tmp001
- <Текущая директория>\winsys32.dat
- %TEMP%\~ex2.tmp
- <Текущая директория>\~tmp001
- %TEMP%\~ex2.tmp
- <Текущая директория>\winsys32.dat в <Текущая директория>\Winsys-update\winsys32.dat_0[1476205234] (запись вида «источник в назначение»; судя по форме, файл перемещается или переименовывается)
- <Текущая директория>\~tmp001
- <Текущая директория>\winsys32.dat
- '95.##1.135.161':80
- '95.##1.107.72':80
- '94.##2.219.197':80
- '20#.#6.232.182':80
- '94.##2.219.204':80
- 'fu####lfempty.com':80
- 'st####theroof.com':80
- 'my###arbin.com':80
- '95.##1.38.135':80
- 'ro###uster.com':80
- http://my###arbin.com/search1.php
- http://ro###uster.com/search1.php
- http://st####theroof.com/search1.php
- http://fu####lfempty.com/search1.php
- http://94.##2.219.197/search1.php
- http://94.##2.219.204/search1.php
- http://95.##1.135.161/search1.php
- http://95.##1.38.135/search1.php
- http://95.##1.107.72/search1.php
- DNS ASK ro###uster.com
- DNS ASK www.microsoft.com (легитимный домен; сам по себе этот запрос не является индикатором компрометации)
- DNS ASK my###arbin.com
- DNS ASK st####theroof.com
- DNS ASK fu####lfempty.com