Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'win32' = '%WINDIR%\winsx.exe'
- '%TEMP%\system.exe'
- '<SYSTEM32>\reg.exe' ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v win32 /t REG_SZ /d "%WINDIR%\winsx.exe" /f
- '<SYSTEM32>\cmd.exe' /c "%APPDATA%\1.bat"
- %APPDATA%\1.bat
- %WINDIR%\winsx.exe
- %TEMP%\system.exe
- %TEMP%\sfx.ini
- %TEMP%\CAMPESINOS DEL CATATUMBO LE SOLICITARON REFUGIO INTERNACIONAL AL PRESIDENTE MADURO.pdf
- %TEMP%\sfx.ini
- 'v1####32.no-ip.org':3001
- 'v1####31.no-ip.org':3000
- DNS ASK v1####32.no-ip.org
- DNS ASK v1####31.no-ip.org