Техническая информация
Записи реестра, обеспечивающие автозапуск (ключи Run и Active Setup):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'QGq' = '%TEMP%\1blUs.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Bc3EA6UUGq3YoI' = '%TEMP%\1blUs.exe'
- [<HKCU>\Software\Microsoft\Active Setup\Installed Components\{7m7eB8oZ-5UgO-gCM9-JbPR-H70YsyilVWvo}] 'StubPath' = '%TEMP%\1blUs.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{7m7eB8oZ-5UgO-gCM9-JbPR-H70YsyilVWvo}] 'StubPath' = '%TEMP%\1blUs.exe'
- iexplore.exe
- %TEMP%\bat.bat
- %TEMP%\1blus.exe
Командные строки запускаемых процессов:
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\bat.bat" "' (со скрытым окном)
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\bat.bat" "