Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe rundll32.exe "%TEMP%\athy.lqo" iynpm'
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\svchost.exe
- %TEMP%\athy.lqo
- %TEMP%\1.tmp
- '84.##.161.62':80
- 84.##.161.62/8023741/00.php?v=###########################