Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Kris' = '%WINDIR%\notepab.exe'
- %WINDIR%\svchest208987292020898904480.exe
- %WINDIR%\notepab.exe
- %WINDIR%\svchest208987292020898904480.exe
- %WINDIR%\BJ.exe
- %WINDIR%\svchest208987292020898904480.exe
- <Полный путь к вирусу>
- 'localhost':80