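Техническая информация
Примечание: подзаголовки разделов в этом списке не сохранились. Судя по содержимому, ниже перечислены ярлык в папке автозагрузки (Startup), командная строка запуска через rundll32.exe, пути затронутых файлов и сетевая активность. Повторяющиеся пути, вероятно, относятся к разным разделам исходного отчёта, но по этой странице нельзя установить, к каким именно.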
- %HOMEPATH%\Start Menu\Programs\Startup\Anti Virus Option.LNK
- '<SYSTEM32>\rundll32.exe' "%APPDATA%\sysninit.ocx" PDFShow
- %HOMEPATH%\Cookies\Q1JOSkVVRlVfVVJOWFlNQVYA_boot
- %HOMEPATH%\Cookies\Q1JOSkVVRlVfVVJOWFlNQVYA_time
- %APPDATA%\xxx.pdf
- %HOMEPATH%\Cookies\Q1JOSkVVRlVfVVJOWFlNQVYA_ini
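- %APPDATA%\Microsoft\Credentials\S-1-5-21-2052111302-484763869-725345543-1003\mcqnzoiz.exe
  (примечание: каталог %APPDATA%\Microsoft\Credentials обычно содержит файлы сохранённых учётных данных Windows, а не исполняемые файлы; появление в нём файлов .exe или .dll стоит проверить)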
- %APPDATA%\tempname.txt
- %APPDATA%\sysninit.ocx
- %APPDATA%\Microsoft\Credentials\S-1-5-21-2052111302-484763869-725345543-1003\mcqnzoiz.ini
- %APPDATA%\Microsoft\Credentials\S-1-5-21-2052111302-484763869-725345543-1003\mcqnzoiz.dll
- %APPDATA%\Microsoft\Credentials\S-1-5-21-2052111302-484763869-725345543-1003\mcqnzoiz.ini
- %APPDATA%\Microsoft\Credentials\S-1-5-21-2052111302-484763869-725345543-1003\mcqnzoiz.exe
- %APPDATA%\sysninit.ocx
- %APPDATA%\Microsoft\Credentials\S-1-5-21-2052111302-484763869-725345543-1003\mcqnzoiz.dll
- %APPDATA%\tempname.txt
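- '74.##5.232.51':443 (сетевое соединение с портом 443; часть адреса, по-видимому, замаскирована символами «#» в самом источнике)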
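- DNS ASK www.google.com (DNS-запрос; www.google.com — легитимный домен, поэтому сам по себе этот запрос не является индикатором компрометации; возможно, это проверка доступности сети)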