Техническая информация
- Запись автозапуска в реестре: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Security' = 'Wscript.exe /B "%HOMEPATH%\nebp.vbe"'
- %WINDIR%\Tasks\Parker.job (файл задания планировщика с именем Parker)
- <SYSTEM32>\wscript.exe /B "%APPDATA%\msddn.vbs"
- Создание задания планировщика Parker (запуск каждые 30 минут от имени SYSTEM): <SYSTEM32>\schtasks.exe /Create /SC minute /mo 30 /TN Parker /TR "wscript.exe /B """%APPDATA%\msddn.vbs"""" /RU SYSTEM
- %APPDATA%\msddn.vbs
- %ALLUSERSPROFILE%\0
- %ALLUSERSPROFILE%\idt
- %APPDATA%\msddn.vbs
- 'qu###.largamex.com':8082
- DNS ASK qu###.largamex.com