Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Notenservers' = '"<SYSTEM32>\brc_Server.exe" /service'
- <SYSTEM32>\brc_Server.exe /service
- <SYSTEM32>\brc_Server.exe
- 'vi#.#ewying.com':80
- vi#.#ewying.com/user/web_30000/ip.txt
- DNS ASK vi#.#ewying.com
- ClassName: 'Indicator' WindowName: ''