Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{23ACA3E7-1622-4808-8A84-003379CD83CB}] 'StubPath' = '<SYSTEM32>:poison.exe'
- '<SYSTEM32>\test.exe'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>:poison.exe
- <SYSTEM32>\test.exe
- <SYSTEM32>\test.exe
- 'so####an.no-ip.info':3460
- DNS ASK so####an.no-ip.info