Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'exwQGWxaNU' = 'C:\Users\Public\exwQGWxaNU.vbs'
- host.exe
- %APPDATA%\easinvoker\tokenbrokercookies.bat
- %APPDATA%\install\host.exe
- %APPDATA%\install\host.exe
- DNS ASK ma######copy.duckdns.org
- '%APPDATA%\install\host.exe'