Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'dfea' = '%WINDIR%\tasks\dfea.exe'
- %WINDIR%\Tasks\dfea.exe
- '%WINDIR%\Tasks\dfea.exe'
- '%TEMP%\conhost.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- %TEMP%\conhost.exe
- <Текущая директория>\<Имя вируса>
- 'wo###.ddnsking.com':8080
- DNS ASK wo###.ddnsking.com
- ClassName: 'Indicator' WindowName: ''