Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'kftdvBuVrS' = 'C:\Users\Public\kftdvBuVrS.vbs'
- %APPDATA%\asferror\systemsettingsremovedevice.bat
- %APPDATA%\windata\excel.exe
- %TEMP%\pmygnv.vbs
- <SYSTEM32>\wbem\logs\wbemcore.lo_
- DNS ASK ip##i.co
- DNS ASK sa#####e.duckdns.org
- '<SYSTEM32>\wscript.exe' %TEMP%\PMYGNV.vbs