Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WindowsUpdate' = '%APPDATA%\dev-poin.exe'
- '%APPDATA%\dev-poin.exe' -a 15 -t 1 -g no -o http://rr.###mp.com:8332 -u alimohor.alilord -p avast1990
- %TEMP%\aut1.tmp
- %APPDATA%\dev-poin.exe
- %APPDATA%\dev-poin.exe
- %TEMP%\aut1.tmp
- 'rr.##cmp.com':8332
- DNS ASK rr.##cmp.com
- ClassName: 'Indicator' WindowName: '(null)'