Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'msnmsgr' = '"%TEMP%\msnmsgr.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'G-Buster Browser Defense' = '"%TEMP%\csrsss.exe"'
- %TEMP%\msnmsgr.exe
- %TEMP%\csrsss.exe
- C:\%USERNAME%.txt
- 'ma####fleuri.com.br':80
- ma####fleuri.com.br/2.php
- DNS ASK ma####fleuri.com.br
- ClassName: '' WindowName: 'Erro'
- ClassName: 'Indicator' WindowName: ''