Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Update.exe' = '"%APPDATA%\lalallalaaa\Update.exe"'
- %APPDATA%\lalallalaaa\Update.exe
- <SYSTEM32>\wscript.exe "%APPDATA%\lalallalaaa\Autorun.vbs"
- %APPDATA%\lalallalaaa\Autorun.vbs
- %APPDATA%\lalallalaaa\Update.exe
- 'un###e-crew.net':80
- un###e-crew.net/0xtHd1m$13B37dn/brainbot/connect.php?hw##################################
- DNS ASK un###e-crew.net
- '<IP-адрес в локальной сети>':1036
- ClassName: 'Indicator' WindowName: ''