Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MSupdate.exe' = 'C:\update.exe'
- <SYSTEM32>\calc.exe
- %ALLUSERSPROFILE%\Desktop\hacker.exe
- C:\update.exe
- C:\update.exe
- '17#.17.4.81':80
- 17#.17.4.81/botnet/install.php?id########
- ClassName: 'Shell_TrayWnd' WindowName: ''