Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'OGt61x8' = '\qy4Iko426\30e8W4A56.exe \qy4Iko426\Y63854U0s \qy4Iko426\399InQw79'
- %TEMP%\20180626
- C:\qy4Iko426\Rvim5L9tZ.gdb
- C:\qy4Iko426\s6ssm5Wu5.gdb
- C:\qy4Iko426\EvJtkYGH7.gdb
- C:\qy4Iko426\Rvim5L9tZ.gdb
- C:\qy4Iko426\s6ssm5Wu5.gdb
- C:\qy4Iko426\EvJtkYGH7.gdb
- '20#.#48.12.129':80
- http://20#.#48.12.129/nutrpar/cVu5KW6Mn0AFgOWcD.vmp1.gif
- http://20#.#48.12.129/uxdanyup/qeH6oY1zcm.gif
- http://20#.#48.12.129/uxdanyup/mCvZyhBkbo.gif