Техническая информация
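Записи автозапуска в ветке Run текущего пользователя (обе указывают на один и тот же исполняемый файл в %APPDATA%):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ssptb' = '"%APPDATA%\Microsoft\Lzapnmnmz\lzapnmnm.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CTFMON.EXE' = '"%APPDATA%\Microsoft\Lzapnmnmz\lzapnmnm.exe" /c <SYSTEM32>\ctfmon.exe'
Имя параметра 'CTFMON.EXE' совпадает с именем системного файла ctfmon.exe, однако значение запускает lzapnmnm.exe из %APPDATA%, а путь к настоящему <SYSTEM32>\ctfmon.exe передаётся лишь как аргумент; при проверке автозапуска следует смотреть на значение параметра, а не на его имя.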
- '%APPDATA%\Microsoft\Lzapnmnmz\lzapnmnm.exe'
- '<SYSTEM32>\cscript.exe' "%HOMEPATH%\hbyafkurqlypoev.vbs"
- '<SYSTEM32>\cscript.exe' "%HOMEPATH%\sreghiewcsoaqiaovuhxphqi.vbs"
- '<SYSTEM32>\mobsync.exe'
- <SYSTEM32>\cscript.exe
- %HOMEPATH%\hbyafkurqlypoev.vbs
- %HOMEPATH%\sreghiewcsoaqiaovuhxphqi.vbs
- %APPDATA%\Microsoft\Lzapnmnmz\lzapnmn.dat
- %HOMEPATH%\hbyafkurqlypoev.vbs
- %HOMEPATH%\sreghiewcsoaqiaovuhxphqi.vbs