Technical information
- [<HKLM>\System\CurrentControlSet\Services\Defghi Klmnopqr Tuv] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Defghi Klmnopqr Tuv] 'ImagePath' = '<SYSTEM32>\mqyeqa.exe'
- %WINDIR%\syswow64\mqyeqa.exe
- C:\5498.vbs
- C:\5498.vbs
- DNS ASK zh###gbige.top
- '%WINDIR%\syswow64\mqyeqa.exe'
- '%WINDIR%\syswow64\wscript.exe' "C:\5498.vbs"
- '%WINDIR%\syswow64\mqyeqa.exe' Win7
- '%WINDIR%\syswow64\wscript.exe' "C:\5498.vbs"' (with a hidden window)