Техническая информация
- %WINDIR%\tasks\yellowmellow.job (файл задания Планировщика заданий Windows)
- <SYSTEM32>\tasks\yellowmellow (файл задания Планировщика заданий Windows)
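- [<HKLM>\System\CurrentControlSet\Services\Secretive Hope] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\System\CurrentControlSet\Services\Secretive Hope] 'ImagePath' = '%APPDATA%\Secretive Hope\Secretive Hope.exe' (исполняемый файл службы находится в каталоге профиля пользователя, а не в системном каталоге — признак, удобный для обнаружения)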
- %PROGRAMDATA%\{76d0ff48-b817-abd9-76d0-0ff48b81fd22}\<Имя файла>.exe
- %PROGRAMDATA%\{76d0ff48-b817-abd9-76d0-0ff48b81fd22}\<Имя файла>.dat
- %APPDATA%\secretive hope\secretive hope.exe
- %APPDATA%\secretive hope\5bodv.dat
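- DNS ASK ge###luesee.com (символы # здесь и ниже заменяют скрытую часть имени домена; для точного сопоставления в журналах DNS нужны полные имена)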
- DNS ASK ce####-ring.link
- DNS ASK mo###odel.biz
- '%APPDATA%\secretive hope\secretive hope.exe'