Техническая информация
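Записи автозапуска в реестре (оба параметра используются для запуска <SYSTEM32>\Setupwindows.exe при входе пользователя в систему; имя параметра 'winlogon' совпадает с именем системного процесса, но указывает на другой файл):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winlogon' = '<SYSTEM32>\Setupwindows.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{128FBAAA-F3ED-4D4F-B55C-931611969282}] 'StubPath' = '<SYSTEM32>\Setupwindows.exe'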
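Файлы и команды, связанные с образцом (строка с cmd.exe /c — запуск пакетного файла melt.bat через командный интерпретатор; для остальных строк тип операции — создание или запуск файла — в этом фрагменте не указан):
- <SYSTEM32>\Setupwindows.exe
- <SYSTEM32>\cmd.exe /c ""<SYSTEM32>\melt.bat" "
- <SYSTEM32>\melt.bat
- <SYSTEM32>\Setupwindows.exe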
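Сетевая активность (символы #### в имени узла — маскировка, присутствующая в исходном тексте; no-ip.biz — домен службы динамического DNS, поэтому IP-адрес узла может меняться, и для обнаружения надёжнее опираться на имя узла и порт 1005):
- 'me####ker.no-ip.biz':1005
- DNS ASK me####ker.no-ip.biz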
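Окно, указанное в отчёте (вероятно, образец ищет окно с этим именем класса; тип операции в этом фрагменте не указан):
- ClassName: 'Indicator' WindowName: ''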