Техническая информация
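- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'vb4.0.17 Biled' = 'WScript.exe //b //e:vbscript "%ALLUSERSPROFILE%\vb4.0.17 Biled"' (запись автозапуска в разделе Run текущего пользователя; параметр //e:vbscript задаёт обработчик VBScript для файла без расширения .vbs, а //b подавляет вывод сообщений и ошибок сценария)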
- '<SYSTEM32>\wscript.exe' "%TEMP%\1.tmp\2.vbs"
- '<SYSTEM32>\svchost.exe'
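- '<SYSTEM32>\regsvr32.exe' /I /S "%ALLUSERSPROFILE%\vb4.0.17 Biled.BIN" (regsvr32 загружает файл с расширением .BIN как библиотеку DLL; ключ /S отключает вывод диалоговых окон)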
- <SYSTEM32>\svchost.exe
- %ALLUSERSPROFILE%\vb4.0.17 Biled
- %ALLUSERSPROFILE%\vb4.0.17 Biled.BIN
- %TEMP%\1.tmp\2.vbs
- <Текущая директория>\cyman_a1future_345.exe
- %TEMP%\1.tmp\2.vbs
- 'as####10.codns.com':5552 (имя узла и порт 5552)
- DNS ASK as####10.codns.com (DNS-запрос на разрешение того же имени узла)