Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Security' = 'Wscript.exe /B "%APPDATA%\numbp.vbe"'
- %WINDIR%\Tasks\Parker.job
- <SYSTEM32>\wscript.exe /B "%APPDATA%\msddn.vbs"
- <SYSTEM32>\schtasks.exe /Create /SC minute /mo 30 /TN Parker /TR "wscript.exe /B """%APPDATA%\msddn.vbs"""" /RU SYSTEM
- %APPDATA%\msddn.vbs
- %ALLUSERSPROFILE%\0
- %ALLUSERSPROFILE%\idt
- %APPDATA%\msddn.vbs
- 'xv#.###tualizenet.com':2012
- DNS ASK xv#.###tualizenet.com