Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] '191281' = '%ALLUSERSPROFILE%\Local Settings\Temp\14bffffd0002eb40.exe'
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %ALLUSERSPROFILE%\Local Settings\Temp\14bffffd0002eb40.exe
- 'bl###woo.com':80
- '8.#.8.8':53
- '8.#.4.4':53
- bl###woo.com/image.php
- DNS ASK bl###woo.com