Technical information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '"%APPDATA%\RoH8mf82Ob0W8Yr4\7YmYbru5hgvY.exe",explorer.exe'
- %APPDATA%\roh8mf82ob0w8yr4\7ymybru5hgvy.exe
- %APPDATA%\imminent\logs\10-10-2020
- %APPDATA%\roh8mf82ob0w8yr4\7ymybru5hgvy.exe