Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '"%APPDATA%\S7zrfltnXWlw17km\NVoOwdZPsDv6.exe",explorer.exe'
- %APPDATA%\S7zrfltnXWlw17km\NVoOwdZPsDv6.exe
- %APPDATA%\S7zrfltnXWlw17km\NVoOwdZPsDv6.exe
- 'ko####ar.zapto.org':22438
- DNS ASK ko####ar.zapto.org