Technical information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'Load' = '"%TEMP%\0001be2a.com"'
- <SYSTEM32>\svchost.exe
- %TEMP%\0001be2a.com
- %TEMP%\0001be2a.com
- 'da###fold.org':80
- '74.##5.232.51':80
- da###fold.org/andr/stat.php
- DNS ASK da###fold.org
- DNS ASK google.com