Техническая информация
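- Автозапуск через ключ реестра Run: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'nRZEhAZLKz' = 'C:\Users\Public\nRZEhAZLKz.vbs' (имя параметра и файла выглядит случайным и, вероятно, отличается от образца к образцу; для обнаружения надёжнее отслеживать записи Run, указывающие на .vbs-файлы в C:\Users\Public)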
- <SYSTEM32>\dllhost.exe
- %HOMEPATH%\snippingtool\approvechildrequest.bat
- %TEMP%\user2.txt
- %TEMP%\user7
- %TEMP%\user8
- %TEMP%\user2.txt
- %TEMP%\user8
- %TEMP%\user7
- %TEMP%\user8
- %TEMP%\user7
- DNS-запрос (DNS ASK): sp##dns.pro (символы ##, по-видимому, маскируют часть имени домена в исходном описании)
- '<SYSTEM32>\dllhost.exe'