Техническая информация
- [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Rainmeter' = '%ALLUSERSPROFILE%\95S5963SQTI1427HR\Rainmeter.exe'
- %ALLUSERSPROFILE%\95s5963sqti1427hr\rainmeter.dll
- %ALLUSERSPROFILE%\95s5963sqti1427hr\rainmeter.exe
- %ALLUSERSPROFILE%\95s5963sqti1427hr\rainmeter.txt
- %LOCALAPPDATA%\178bfbff000306e4
- %ALLUSERSPROFILE%\95s5963sqti1427hr\key
- %ALLUSERSPROFILE%\95s5963sqti1427hr\key
- 'of###kef.com':3355
- 'of###kef.com':816
- 'of###kef.com':8166
- 'of###kef.com':1688
- 'of###kef.com':8866
- 'of###kef.com':6611
- 'of###kef.com':5566
- 'of###kef.com':6333
- http://of####ef.com:3355/9x.dll via of###kef.com
- DNS ASK of###kef.com
- ClassName: 'EDIT' WindowName: ''
- '%ALLUSERSPROFILE%\95s5963sqti1427hr\rainmeter.exe'