Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winFile' = '%CommonProgramFiles%\system32\winFile.exe'
- %CommonProgramFiles%\safemode
- 'www.to###bondinn.is':80
- 'kr###ahestar.is':80
- www.to###bondinn.is/adgerdir/help.txt
- kr###ahestar.is/pdf/build.php
- DNS ASK www.to###bondinn.is
- DNS ASK kr###ahestar.is