Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Kris' = '%WINDIR%\notepab.exe'
- '%WINDIR%\svchest208987292020898904480.exe'
- %WINDIR%\notepab.exe
- %WINDIR%\svchest208987292020898904480.exe
- %WINDIR%\BJ.exe
- <Полный путь к вирусу>
- %WINDIR%\svchest208987292020898904480.exe
- 'sc###.gnway.net':80
- DNS ASK sc###.gnway.net