Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'vnjnuaZq\' = 'C:\vnjnuaZq\rSYypatH.exe'
- '%APPDATA%\Install\Host.exe' "%TEMP%\0.exe"
- '%TEMP%\0.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- %APPDATA%\Install\Host.exe
- %APPDATA%\Install\.IgHiJkLiO
- C:\vnjnuaZq\rSYypatH.exe
- %TEMP%\0.exe
- %APPDATA%\Install\.IgHiJkLiO
- %TEMP%\0.exe
- 'pa#####ce3.bounceme.net':7890
- DNS ASK pa#####ce3.bounceme.net