Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'havflkgc.exe' = '"%APPDATA%\Roaming\Identities\havflkgc.exe"'
- <SYSTEM32>\Dwm.exe
- %APPDATA%\Roaming\ms9004503.bat
- %APPDATA%\Roaming\Identities\havflkgc.exe
- %APPDATA%\Roaming\ms9004503.bat
- '20#.#6.232.182':80
- 20#.#6.232.182/
- DNS ASK www.microsoft.com
- ClassName: 'Indicator' WindowName: ''