Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Defender' = '"<LS_APPDATA>\%USERNAME%Controle.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Defender' = '"<LS_APPDATA>\%USERNAME%Controle.exe"'
- <LS_APPDATA>\%USERNAME%Controle.exe
- '00####caofree.com':80
- http://00####caofree.com/infect.php
- DNS ASK 00####caofree.com