Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CRNJEUFU' = 'regsvr32 /s "%APPDATA%\CRNJEUFU.jpg"'
- '<SYSTEM32>\wscript.exe' "%TEMP%\b.vbs"
- %APPDATA%\00410111\sildo.zip
- %TEMP%\b.vbs
- 'ma####ada777.com':80
- 'localhost':1036
- ma####ada777.com/novo.zip
- DNS ASK ma####ada777.com
- ClassName: 'Indicator' WindowName: ''