Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{PCGBTQQN-DOP-EWHD-GLUH-X8HZ55X85NRL}' = '"%ALLUSERSPROFILE%\Application Data\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_11.0....
- %ALLUSERSPROFILE%\application data\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_11.0.18362.1_none_0cc4f6fa594d06e2\config.json
- from <Full path to file> to %ALLUSERSPROFILE%\application data\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_11.0.18362.1_none_0cc4f6fa594d06e2\cca.exe
- DNS ASK cl#k.ru
- DNS ASK ds##.test-hf.su