Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'FpmxWw9' = '%APPDATA%\huD5tEFDt\K4NIPqi0A.exe %APPDATA%\huD5tEFDt\qY5B932Ya %APPDATA%\huD5tEFDt\Rxw74Kjg2'
- %APPDATA%\Microsoft\Windows\DudaDreams.log
- %APPDATA%\huD5tEFDt\bt5Bu1b5Z.zip
- %APPDATA%\huD5tEFDt\bt5Bu1b5Z.zip
- '10#.#27.34.232':80
- http://10#.#27.34.232/vejdgbz6f5.zip