Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MyKB' = '"<Полный путь к вирусу>"'
- %TEMP%\Test.txt
- %TEMP%\Test.txt
- 'www.pi###rest.com':80
- www.pi###rest.com/pin/66217056995285416/
- DNS ASK www.pi###rest.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'TForm_MyDemosWP' WindowName: ''
- ClassName: 'TForm_FtpDemosM' WindowName: ''