Техническая информация
Записи реестра, обеспечивающие автозапуск (ключи Run и Active Setup):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'RSebtYMzsh' = 'C:\Users\Public\RSebtYMzsh.vbs'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'stuo' = '%APPDATA%\Install\Host.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{G8448241-80YR-8VL8-2CPD-7WD2AP61UB6C}] 'StubPath' = '"%APPDATA%\Install\Host.exe"'
- host.exe
- %APPDATA%\rwinsta\lsaiso.bat
- %APPDATA%\install\host.exe
- %APPDATA%\install\host.exe
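- DNS ASK ha####rcy.mooo.com (символы «#» недопустимы в доменных именах, поэтому имя, по-видимому, приведено в частично скрытом виде)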
- '%APPDATA%\install\host.exe'