Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\aHRtdm5jL21yemd2dGyCAA==] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\aHRtdm5jL21yemd2dGyCAA==] 'ImagePath' = '%WINDIR%\uyaoye.exe'
- 'aHRtdm5jL21yemd2dGyCAA==' %WINDIR%\uyaoye.exe
- %WINDIR%\uyaoye.exe
- C:\1504.vbs
- C:\1504.vbs
- '45.##3.64.128':3455
- '%WINDIR%\uyaoye.exe'
- '%WINDIR%\syswow64\wscript.exe' "C:\1504.vbs"
- '%WINDIR%\uyaoye.exe' Win7
- '%WINDIR%\syswow64\wscript.exe' "C:\1504.vbs"' (со скрытым окном)