Техническая информация
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\<Имя файла>.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\Mnopqr Tuvwxyab Def] 'ImagePath' = '%WINDIR%\hyjzyk.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Mnopqr Tuvwxyab Def] 'Start' = '00000002'
- '<SYSTEM32>\wscript.exe' "C:\8768.vbs"
- '%WINDIR%\hyjzyk.exe'
- C:\8768.vbs
- %WINDIR%\hyjzyk.exe
- %WINDIR%\hyjzyk.exe
- C:\8768.vbs
- 'gb####.f3322.net':15642
- DNS ASK gb####.f3322.net