Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'drumpep' = '<SYSTEM32>\drumpep.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{BA619BD1-66CF-DDC2-C4E9-B29A0EFDC195}] 'StubPath' = '<SYSTEM32>\drumpep.exe'
- <SYSTEM32>\drumpep.exe
- %TEMP%\wmoqvga
- %TEMP%\aut1.tmp
- %TEMP%\wmoqvga
- %TEMP%\aut1.tmp
- 'wi######urrent.sytes.net':3460
- DNS ASK wi######urrent.sytes.net