Техническая информация
- %TEMP%\liebert.bmp
- %ALLUSERSPROFILE%\5bb02\tlworker.exe
- http://up####esrv.890m.com/SN/index.php
- DNS ASK up####esrv.890m.com
- '%WINDIR%\syswow64\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d %ALLUSERSPROFILE%\5bb02