Техническая информация
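- Запись автозапуска в реестре (ключ RunOnce: команда выполняется один раз при следующем входе пользователя): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'delpcdefmsi' = 'cmd /c rmdir /s /q "%HOMEPATH%\My Documents\GZJEAHMDDXQDPVCT"'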
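- Командная строка процесса: <SYSTEM32>\msiexec.exe /V
- Командная строка процесса (установка MSI-пакета в тихом режиме, без участия пользователя): <SYSTEM32>\msiexec.exe /i "OQDXVSCALWJMKPRYJKPU.msi" /quiet
- Командная строка процесса (выполнение VBS-сценария из временного каталога): <SYSTEM32>\wscript.exe ""%TEMP%\4e84796d.vbs""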
- Файл (MSI-пакет в кэше Internet Explorer): %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\PCDefenderSilentSetup[1].msi
- Файл (VBS-сценарий во временном каталоге): %TEMP%\4e84796d.vbs
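- Сетевой адрес (узел:порт): 'ka####atblog.info':80 (символы # — маска, скрывающая часть имени домена)
- Сетевой адрес (узел:порт): 'localhost':1034
- Запрашиваемый URL: ka####atblog.info/PCDefenderSilentSetup.msi
- DNS-запрос (DNS ASK): ka####atblog.info
- Сетевой адрес (узел:порт): '<IP-адрес в локальной сети>':1035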