Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'S:pI_dlUEOgA' = '%APPDATA%\File.exe'
- '%APPDATA%\File.exe'
- %APPDATA%\assets.db
- %APPDATA%\Imminent\Logs\03-11-2016
- %APPDATA%\DesEncrypted
- %APPDATA%\File.exe
- 'ba#####e.duckdns.org':777
- DNS ASK ba#####e.duckdns.org
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''