Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Security' = 'Wscript.exe /B "%APPDATA%\numbp.vbe"'
- %WINDIR%\Tasks\Parker.job
- <SYSTEM32>\wscript.exe /B "%APPDATA%\msddn.vbs"
- <SYSTEM32>\schtasks.exe /Create /SC minute /mo 30 /TN Parker /TR "wscript.exe /B """%APPDATA%\msddn.vbs"""" /RU SYSTEM
- %APPDATA%\msddn.vbs
- %APPDATA%\numbp.vbe
- %ALLUSERSPROFILE%\idt
- %ALLUSERSPROFILE%\0
- %APPDATA%\msddn.vbs
- 'no###suite.org':80
- no###suite.org/mmllf/1.vbe.file
- DNS ASK no###suite.org