Техническая информация
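- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,"%LOCALAPPDATA%\Pic1fPBkmq\LOHejsSdpL.exe" -s'
  (закрепление в системе: в параметр Userinit после штатного userinit.exe дописан второй исполняемый файл, поэтому он запускается при каждом входе пользователя в систему; при проверке узла значение этого параметра следует сравнивать с эталонным, в котором указан только userinit.exe)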
- %TEMP%\gabbs.exe
- %TEMP%\acervnp3a8.exe
- %LOCALAPPDATA%\pic1fpbkmq\lohejssdpl.exe
- %LOCALAPPDATA%\pic1fpbkmq\lohejssdpl.exe
- 'cd#.##scordapp.com':443
- 'cd#.##scordapp.com':443
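- DNS ASK cd#.##scordapp.com
  (DNS-запрос к тому же узлу, что и в соединениях на порт 443 выше; символ «#» недопустим в доменных именах, то есть часть имени узла в отчёте скрыта, и в таком виде строка не годится для точного поиска по журналам DNS или прокси — сопоставлять её можно только как шаблон)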
- '%TEMP%\gabbs.exe'
- '%TEMP%\acervnp3a8.exe'