Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'adobe' = '<SYSTEM32>\cresse.exe'
- %APPDATA%\cress.exe
- <SYSTEM32>\cresse.exe
- %APPDATA%\undily.dll
- %APPDATA%\cress.exe
- %APPDATA%\undily.dll
- 'ou#.se7.org':80
- DNS ASK ou#.se7.org
- '<IP-адрес в локальной сети>':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''