Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'keyfind' = '<SYSTEM32>\fund.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{BE7FD92B-CDD9-BACE-0B1B-4D52D84AE1B5}] 'StubPath' = '<SYSTEM32>\fund.exe'
- %WINDIR%\NOTEPAD.EXE
- <SYSTEM32>\fund.exe
- 'bo####um.no-ip.biz':288
- DNS ASK bo####um.no-ip.biz