Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'keyfind' = '<SYSTEM32>\fund.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{D8FC246B-C313-6CF4-918C-7B71DBB57105}] 'StubPath' = '<SYSTEM32>\fund.exe'
- %WINDIR%\NOTEPAD.EXE
- <SYSTEM32>\fund.exe
- 'bo####um.no-ip.biz':3460
- DNS ASK bo####um.no-ip.biz