Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '"%APPDATA%\4c9Pt9vOQJlVJwUk\Snni5Iyzp8yT.exe",explorer.exe'
- %APPDATA%\Imminent\Logs\15-01-2015
- %APPDATA%\4c9Pt9vOQJlVJwUk\Snni5Iyzp8yT.exe
- %APPDATA%\4c9Pt9vOQJlVJwUk\Snni5Iyzp8yT.exe
- 'af#####lain89.no-ip.biz':1605
- DNS ASK af#####lain89.no-ip.biz