Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\Mnopqr Tuvwxyab Def] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\System\CurrentControlSet\Services\Mnopqr Tuvwxyab Def] 'ImagePath' = '%WINDIR%\pgvfce.exe'
- Служба 'Mnopqr Tuvwxyab Def', исполняемый файл: %WINDIR%\pgvfce.exe
- C:\sys.exe
- %WINDIR%\pgvfce.exe
- C:\sys.exe
- '15#.#9.203.53':8888
- '15#.#9.204.80':8080
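- DNS ASK ip.##totoo.com (DNS-запрос; символы «#» в IP-адресах выше и в имени домена, по-видимому, скрывают часть значения, поэтому эти индикаторы неполные)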
- 'C:\sys.exe'
- '%WINDIR%\pgvfce.exe'