Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'IKZGKJ' = '"%APPDATA%\Windata\RQNI4hH0zU7oU3k.exe"'
- %HOMEPATH%\start menu\programs\startup\ikzgkj.lnk
- %APPDATA%\windata\rqni4hh0zu7ou3k.exe
- %TEMP%\ikzgkj.vbs
- <SYSTEM32>\wbem\logs\wbemcore.lo_
- '10#.200.6.3':4001
- '<SYSTEM32>\wscript.exe' %TEMP%\IKZGKJ.vbs