Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\Qryhnab Defghi] 'ImagePath' = '%WINDIR%\ookyou.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Qryhnab Defghi] 'Start' = '00000002'
- %WINDIR%\ookyou.exe
- <Full path to file> to %TEMP%\17ef68
- 'v8.#er.tf':8081
- 'yy###.tpddns.cn':6681
- DNS ASK v8.#er.tf
- DNS ASK yy###.tpddns.cn
- '%WINDIR%\ookyou.exe'