Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'sounds' = '%APPDATA%\Microsoft\MMC\sounds.exe'
- sounds.exe
- %TEMP%\aut40a.tmp
- %APPDATA%\tgpidkqvhixaiscqiesjnvpen30350.png
- %APPDATA%\microsoft\mmc\sounds.exe
- %TEMP%\aut3f3f.tmp
- %TEMP%\aut40a.tmp
- %TEMP%\aut3f3f.tmp
- 'cl#####.enigmasolutions.xyz':54579
- DNS ASK cl#####.enigmasolutions.xyz
- '%APPDATA%\microsoft\mmc\sounds.exe'