Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Dlwypkdlfg Qhptngkfju' = ''
- '<SYSTEM32>\reg.exe' ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Dlwypkdlfg Qhptngkfju" /t REG_EXPAND_SZ /d "<Полный путь к вирусу>" /f
- '<SYSTEM32>\cmd.exe' /C DEL /F /Q /S %TEMP%\*
- '91.##6.116.160':80
- http://91.##6.116.160/p/server
- ClassName: 'Indicator' WindowName: ''