Техническая информация
Записи автозапуска в реестре (ключи RunOnce и Run; указанные в них файлы запускаются при входе в систему):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Startup key' = '%HOMEPATH%\subfolder1\filename1.vbs'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\] 'syscnf' = '%PROGRAMDATA%\sysco.exe'
- sysco.exe
- %HOMEPATH%\subfolder1\filename1.exe
- %HOMEPATH%\subfolder1\filename1.vbs
- %PROGRAMDATA%\sysco.exe
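Сетевые индикаторы (символ «#» недопустим в имени хоста — по-видимому, домен намеренно замаскирован, поэтому в таком виде он непригоден для точного сопоставления; «DNS ASK», судя по всему, обозначает DNS-запрос):
- http://www.vv#f.in/hdui/warkudi2020_encrypted_3A45570.bin
- DNS ASK vv#f.in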
- '%HOMEPATH%\subfolder1\filename1.exe'
- '%PROGRAMDATA%\sysco.exe'