Техническая информация
- [<HKCU>\Software\Microsoft\Active Setup\Installed Components\{n9KzYYE5-hAVE-0cLQ-cAhS-YpcJFnmuOsMz}] 'StubPath' = '"%TEMP%\PbYcN.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{n9KzYYE5-hAVE-0cLQ-cAhS-YpcJFnmuOsMz}] 'StubPath' = '"%TEMP%\PbYcN.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'id4ZviO88gs1nZrOdJKcJV' = '"%TEMP%\PbYcN.exe"'
- <SYSTEM32>\cmd.exe /c """%TEMP%\NG34Hak9.bat"" "
- %TEMP%\PbYcN.exe
- %TEMP%\NG34Hak9.bat
- %TEMP%\PbYcN.exe
- 'ac####te.zapto.org':1024
- DNS ASK ac####te.zapto.org