Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{51C8094B-6812-E100-03C5-30E56F4C18DD}] 'StubPath' = '<SYSTEM32>\UD For Ya Cypher !!.exe'
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' -nohome
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\cefkrsyAMX.bat" "
- '<SYSTEM32>\UD For Ya Cypher !!.exe'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\cefkrsyAMX.bat
- <SYSTEM32>\Attacker.exe
- <SYSTEM32>\UD For Ya Cypher !!.exe
- <SYSTEM32>\UD For Ya Cypher !!.exe
- 'ma###e.r00t.la':5555
- DNS ASK ma###e.r00t.la