Техническая информация
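Записи в ключе автозапуска Run текущего пользователя (VBS-сценарии из C:\Users\Public запускаются при входе пользователя в систему):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'iiIVUqBJlP' = 'C:\Users\Public\iiIVUqBJlP.vbs'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'jaopezxabZ' = 'C:\Users\Public\jaopezxabZ.vbs'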
- '%TEMP%\file1name.exe'
- '%TEMP%\file2name.exe'
- %WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe
- %TEMP%\file1name.exe
- %TEMP%\file2name.exe
- %APPDATA%\adaptivecards\bcp47mrm.bat
- %APPDATA%\bcdsrv\wmiadap.bat
- C:\users\public\iiivuqbjlp.vbs
- C:\users\public\jaopezxabz.vbs
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\run.dat
- '69.##7.188.187':30303 (сетевой адрес и порт; часть адреса в описании, по-видимому, скрыта символами ##)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe'