Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Nationalersgggggggggg] 'ImagePath' = '%WINDIR%\UserDatggggggggga.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Nationalersgggggggggg] 'Start' = '00000002' (значение 2 — автоматический запуск службы при старте системы)
- '<SYSTEM32>\cmd.exe' /c del /f "<Полный путь к файлу>" (принудительное удаление файла; конкретный путь в описании заменён заполнителем)
- '%WINDIR%\UserDatggggggggga.exe'
- %WINDIR%\UserDatggggggggga.exe
- %WINDIR%\UserDatggggggggga.exe
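- 'fg####i.gicp.net':8000 (символы «#» — маска в имени узла, а не часть адреса; для точного сопоставления индикатор в таком виде непригоден)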
- DNS ASK fg####i.gicp.net