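Техническая информация
Примечание: ниже перечислены индикаторы компрометации в том виде, в каком они приведены в источнике: пути к файлам, сетевой адрес (часть IP-адреса, по-видимому, скрыта символами «##») и командная строка запуска сценария через wscript.exe. Заголовки разделов не сохранились; повторяющиеся пути, вероятно, относились к разным разделам отчёта (например, к созданным и удалённым файлам). Ярлык в папке автозагрузки (Startup) может указывать на закрепление через автозапуск; при разборе стоит проверить, на какой объект он ссылается.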
- %APPDATA%\microsoft\windows\start menu\programs\startup\x2vgqdhbc1jk6lyehiuznods8qhutgok.lnk
- %LOCALAPPDATA%\setuperr.log
- %LOCALAPPDATA%\ji7x0rjmedapjga1r1ghyo00gecutzn\jet0iq3dqeg0ozvcc3npft.wsf
- %APPDATA%\yewemfkifmgqri.zip
- %APPDATA%\49ojro~1\odudinmqdlhswjzcryet.db
- %APPDATA%\49ojro~1\rcolhlbwytegoyltsblog.db
- %APPDATA%\49ojro~1\rcolhlbwytegoyltsblog.exe
- %LOCALAPPDATA%\ji7x0rjmedapjga1r1ghyo00gecutzn\jet0iq3dqeg0ozvcc3npft.wsf
- %APPDATA%\yewemfkifmgqri.zip
- http://63.##0.37.92/Homvcckngxncookf/Osctmnxcggnoyj/Mrvqgarwl/Yiipibtctgrp/Yewemfkifmgqri.db
- '<SYSTEM32>\wscript.exe' "%LOCALAPPDATA%\Ji7x0RJMEDApjgA1R1GHYo00GEcutZN\jEt0Iq3dqEg0ozVCC3NPfT.wsf"