Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Heia' = '%HOMEPATH%\GRSSETRE\notesblo.exe'
- ieinstal.exe
- %HOMEPATH%\grssetre\notesblo.exe
- %APPDATA%\logsgk.dat
- %APPDATA%\logsgk.dat
- http://18#.#1.146.210/private/buta_encrypted_3CDD210.bin
- DNS ASK dd##.##ingsthings.xyz
- '%ProgramFiles(x86)%\internet explorer\ieinstal.exe'