Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'iavmfb' = '"%APPDATA%\Microsoft\Lzapnmnmz\lzapnmnm.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CTFMON.EXE' = '"%APPDATA%\Microsoft\Lzapnmnmz\lzapnmnm.exe" /c <SYSTEM32>\ctfmon.exe'
- '%APPDATA%\Microsoft\Lzapnmnmz\lzapnmnm.exe'
- '<SYSTEM32>\cscript.exe' "%HOMEPATH%\inylllqfwipkswdhr.vbs"
- '<SYSTEM32>\cscript.exe' "%HOMEPATH%\vlggszhcpzmkrivdotys.vbs"
- '<SYSTEM32>\mobsync.exe'
- <SYSTEM32>\cscript.exe
- %HOMEPATH%\inylllqfwipkswdhr.vbs
- %HOMEPATH%\vlggszhcpzmkrivdotys.vbs
- %APPDATA%\Microsoft\Lzapnmnmz\lzapnmn.dat
- %HOMEPATH%\inylllqfwipkswdhr.vbs
- %HOMEPATH%\vlggszhcpzmkrivdotys.vbs