Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'rlTivvrPLc' = 'C:\Users\Public\rlTivvrPLc.vbs'
- %TEMP%\bluetoothapis\wbadmin.bat
- %APPDATA%\screenshots\time_20190802_205327.png
- %APPDATA%\remcos\logs.dat
- 'ja#####2.bounceme.net':3103
- DNS ASK ja#####2.bounceme.net