Техническая информация
- Автозапуск через ключ реестра Run: [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'CTS' = '%WINDIR%\CTS.exe'
- %TEMP%\q2zqfgxadrzfazr.exe
- %WINDIR%\cts.exe
- URL сетевого обращения: http://aj####loader.com/uploadfiles/f76a5880-baaa-a3fe-0cf2-5766f69a1c48.exe
- DNS-запрос (DNS ASK): aj####loader.com
- '%TEMP%\q2zqfgxadrzfazr.exe'
- '%WINDIR%\cts.exe'
- '%WINDIR%\syswow64\cmd.exe' /c b6d097b70a65.exe