Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'gyllensj' = '%TEMP%\keratomalacialimbered\paro.vbs'
- paro.exe
- %TEMP%\keratomalacialimbered\paro.exe
- %TEMP%\keratomalacialimbered\paro.vbs
- http://do#####arrehberim.com/wp-content/uploads/bin_wJFmM61.bin
- DNS ASK do#####arrehberim.com
- '%TEMP%\keratomalacialimbered\paro.exe'