Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'LNTAGE' = '%HOMEPATH%\chenillen\Forret.vbs'
- forret.exe
- %HOMEPATH%\chenillen\forret.exe
- %HOMEPATH%\chenillen\forret.vbs
- http://vd####9wogzzu.info/us1.bin
- DNS ASK vd####9wogzzu.info
- '%HOMEPATH%\chenillen\forret.exe'