Technical information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%WINDIR%\F4nt4s1a7.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '<SYSTEM32>\cdftmong543.exe'
- %WINDIR%\F4nt4s1a7.exe
- <SYSTEM32>\cdftmong543.exe
- 'pa###ichula.in':80
- pa###ichula.in/importes/server.php
- DNS ASK pa###ichula.in