Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ddown' = '%APPDATA%down.exe'
- '%APPDATA%down.exe'
- %APPDATA%down.exe
- %APPDATA%down.exe
- 'an####eatsystem.com':80
- an####eatsystem.com/deneme/deneme.txt
- DNS ASK an####eatsystem.com
- ClassName: 'Indicator' WindowName: '(null)'