Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ifcom' = 'c:\vmount.exe'
- C:\vmount.exe
- <SYSTEM32>\wscript.exe "%TEMP%\delay.vbs"
- <SYSTEM32>\cmd.exe /c ""c:\sss.bat" "
- %TEMP%\delay.vbs
- C:\sss.bat
- C:\vmount.exe
- C:\vmount.exe
- %TEMP%\delay.vbs
- '21#.#46.22.45':7000