Техническая информация
Записи автозапуска в ключе реестра Run (HKCU):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'eeNUP' = 'rundll32 "%APPDATA%\tmp01.dll",start'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winword016' = '%TEMP%\winword016.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winword016' = '%APPDATA%\winword016.exe'
- %TEMP%\winword016.exe
- %APPDATA%\tmp01.dll
- %TEMP%\tmp01.dll
- %APPDATA%\winword016.exe
- %APPDATA%\winword016.exe
Сетевые адреса (узел:порт):
- 'op###ein.com':443
- 'in##hpo.com':443
- 'lo##rcu.com':443
- 'mc###load.com':443
- 'mc##vsr.com':443
DNS-запросы:
- DNS ASK op###ein.com
- DNS ASK in##hpo.com
- DNS ASK lo##rcu.com
- DNS ASK mc###load.com
- DNS ASK mc##vsr.com
Командная строка запуска (rundll32):
- '<SYSTEM32>\rundll32.exe' "%TEMP%\tmp01.dll",start