Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'DFGHJKNHB' = '%APPDATA%\Gard1\Gard1.exe' (ключ автозапуска Run: указанный файл запускается при каждом входе этого пользователя в систему)
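- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{02X5EUV1-PQ44-262I-PGB5-4Y32B02AFJV5}] 'StubPath' = '"%APPDATA%\Gard1\Gard1.exe"' (механизм Active Setup: команда из StubPath выполняется при входе пользователя в систему; идентификатор компонента содержит не шестнадцатеричные символы, то есть не является корректным GUID)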
- %WINDIR%\win.ini
- gard1.exe
- %APPDATA%\gard1\gard1.exe
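- 'ge####.hopto.org':4545 (часть имени узла в описании, по-видимому, скрыта символами #; hopto.org — домен сервиса динамического DNS, поэтому IP-адрес за этим именем может меняться)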
- DNS ASK ge####.hopto.org
- '%APPDATA%\gard1\gard1.exe'