Техническая информация
- [<HKLM>\software\Wow6432Node\microsoft\windows\currentversion\Policies\Explorer\Run] '6604' = '%ProgramFiles%\locals~1\temp\msiakhwc.com'
- %WINDIR%\syswow64\svchost.exe
- cvtres.exe
- %TEMP%\yaufy.exe
- %TEMP%\cvtres.exe
- %ProgramFiles%\locals~1\temp\msiakhwc.com
- %TEMP%\cvtres.exe
- DNS ASK bl####.zapto.org
- '%TEMP%\yaufy.exe'
- '%TEMP%\cvtres.exe'
- '%WINDIR%\syswow64\svchost.exe'