Техническая информация
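- Автозапуск (значение в ключе реестра RunOnce): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'defrauder' = '%HOMEPATH%\MANGANSSTU\Regene6.vbs'. Значения RunOnce система удаляет при выполнении, поэтому отсутствие этой записи после входа пользователя само по себе не говорит о том, что система чиста.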
- regene6.exe
- %HOMEPATH%\mangansstu\regene6.exe
- %HOMEPATH%\mangansstu\regene6.vbs
- %APPDATA%\cosp\dos.dt
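- Сетевое подключение (узел:порт): 'cd#.#ilesend.jp':443 (символы '#' здесь и ниже — по-видимому, замаскированные в источнике части имени узла)
- Сетевое подключение (узел:порт): 'ga##s.ga':2266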
- DNS ASK cd#.#ilesend.jp
- DNS ASK fu##676.com
- DNS ASK ga##s.ga
- '%HOMEPATH%\mangansstu\regene6.exe'