Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'hilkayyrleke' = '<SYSTEM32>\dlllllllll.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{F468FD4F-5329-7E6D-C5D2-EAD62E4DE171}] 'StubPath' = '<SYSTEM32>\dlllllllll.exe'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\dlllllllll.exe
- 'pr####dz.no-ip.org':3460
- DNS ASK pr####dz.no-ip.org