Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '"%APPDATA%\c6WWTj1S1sVEI72N\go5VMrGbdO37.exe",explorer.exe'
- %APPDATA%\c6WWTj1S1sVEI72N\go5VMrGbdO37.exe
- %APPDATA%\c6WWTj1S1sVEI72N\go5VMrGbdO37.exe
- 'ot####ynir.ddns.net':1453
- DNS ASK ot####ynir.ddns.net