Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MicroSoft' = '"%ALLUSERSPROFILE%\Application Data\MicroSoft.exe" pub2'
- %ProgramFiles%\microsoft.exe
- %ProgramFiles%\rsp.exe
- %ALLUSERSPROFILE%\Application Data\MicroSoft.exe
- %HOMEPATH%\Desktop\RelieveStressPaint.lnk
- %ALLUSERSPROFILE%\Application Data\mini.dat
- 'localhost':1038
- 'do##.####alennvasc243822.online':443
- 'ap#.#####lennvasc243822.online':443
- DNS ASK do##.####alennvasc243822.online
- DNS ASK ap#.#####lennvasc243822.online
- '%ProgramFiles%\microsoft.exe' pub2
- '%ProgramFiles%\rsp.exe' pub2