Technical information
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{2R54MMRG-C2HG-71DV-E3B0-U5DT48V48C6L}] 'StubPath' = '%TEMP%\Server.exe'
- <SYSTEM32>\notepad.exe
- <SYSTEM32>\notepad.exe
- %TEMP%\Server.exe
- 'any':8000
- 'mi####.gnway.net':8000
- DNS ASK mi####.gnway.net