Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\RAT BIUDU Ynut] 'ImagePath' = '%WINDIR%\yygeym.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\RAT BIUDU Ynut] 'Start' = '00000002'
- %WINDIR%\yygeym.exe
- 'sa####l.linkpc.net':3391
- DNS ASK sa####l.linkpc.net
- '%WINDIR%\yygeym.exe'