Техническая информация
- %WINDIR%\tasks\expertadvice.job
- [<HKLM>\System\CurrentControlSet\Services\Light Friendship] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Light Friendship] 'ImagePath' = '%APPDATA%\Light Friendship\Light Friendship.exe'
- %APPDATA%\light friendship\light friendship.exe
- %ALLUSERSPROFILE%\application data\{aeaef37a-511b-3f73-aeae-ef37a511cde9}\<Имя файла>.exe
- %APPDATA%\light friendship\juy.dat
- %ALLUSERSPROFILE%\application data\{aeaef37a-511b-3f73-aeae-ef37a511cde9}\<Имя файла>.dat
- DNS ASK fu###set.work
- DNS ASK al####el-pro.com
- DNS ASK ge####ltiple.link
- DNS ASK ho####arzipset.net
- '%APPDATA%\light friendship\light friendship.exe'