Техническая информация
- '%TEMP%\PMWkJh.exe' x yggEf.zip -paq1sw2de3fr4 -y
- '%TEMP%\PMWkJh.exe' (загружен из сети Интернет)
- '<SYSTEM32>\cmd.exe' /k c: & cd\ & cd %HOMEPATH%\Local Settings\Temp & PMWkJh.exe x yggEf.zip -paq1sw2de3fr4 -y & exit
- %TEMP%\yggEf.zip
- %TEMP%\PMWkJh.exe
- 'www.ho####oodvips.com':80
- http://www.ho####oodvips.com/hobby/bala.jpg
- http://www.ho####oodvips.com/liga/wosts.jpg
- DNS ASK www.ho####oodvips.com
- ClassName: 'MS_WINHELP' WindowName: ''