Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'oFZLhpN' = '"C:\qYnIo9f\ImGPtgn.exe" "C:\qYnIo9f\XsqGVwzw" "C:\qYnIo9f\R2LEc3" '
- C:\qynio9f\2x0drsh43.zip
- C:\qynio9f\2x0drsh43.zip
- http://52.##9.225.59/zwro/O9VML932V5I8Q0O3.png
- '<SYSTEM32>\cmd.exe' /C start /MIN reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "oFZLhpN" /d "\"C:\qYnIo9f\ImGPtgn.exe\" \"C:\qYnIo9f\XsqGVwzw\" \"C:\qYnIo9f\R2LEc3\" " /t REG_SZ' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /C start /MIN reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "oFZLhpN" /d "\"C:\qYnIo9f\ImGPtgn.exe\" \"C:\qYnIo9f\XsqGVwzw\" \"C:\qYnIo9f\R2LEc3\" " /t REG_SZ
- '<SYSTEM32>\reg.exe' add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "oFZLhpN" /d "\"C:\qYnIo9f\ImGPtgn.exe\" \"C:\qYnIo9f\XsqGVwzw\" \"C:\qYnIo9f\R2LEc3\" " /t REG_SZ