Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'NattlyDefender' = '%APPDATA%\NattlyDefender.exe'
- '%APPDATA%\NattlyDefender.exe'
- %APPDATA%\System.Data.SQLite.dll
- %APPDATA%\NattlyDefender.exe
- %APPDATA%\Z-Nattly.exe
- %APPDATA%\Interop.Shell32.dll
- 'mp###ass.com':80
- mp###ass.com/getfileinfo.php?id####
- DNS ASK mp###ass.com
- ClassName: 'Indicator' WindowName: '(null)'