Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'dnqqhvdgth' = 'C:\Users\Public\dnqqhvdgth.vbs'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'windows' = '%APPDATA%\Install\Host.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{QE2I3NMN-032K-7R2D-4FV5-EH7M33CTBGN5}] 'StubPath' = '"%APPDATA%\Install\Host.exe"'
- host.exe
- %APPDATA%\pnpunattend\ravbg64.bat
- %APPDATA%\install\host.exe
- '16#.#16.15.156':8973
- '%APPDATA%\install\host.exe'