Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\GhADdfDOCZWUQBfX.lnk
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
- %TEMP%\aut1.tmp
- %TEMP%\GhADdfDOCZWU
- %APPDATA%\lcore1.exe
- %TEMP%\aut2.tmp
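- C:\Documents (путь, по-видимому, обрезан на первом пробеле при извлечении; в таком виде его не следует использовать как индикатор компрометации)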
- %APPDATA%\GhADdfDOCZWUQBfX.exe
- %APPDATA%\lcore.exe
- %APPDATA%\GhADdfDOCZWUQBfX.exe
- %HOMEPATH%\Start Menu\Programs\Startup\GhADdfDOCZWUQBfX.lnk
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %APPDATA%\lcore1.exe в %APPDATA%\lcore.exe
- '%APPDATA%\lcore.exe'
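- '<SYSTEM32>\cmd.exe' /c echo [zoneTransfer]ZoneID = 2 > %APPDATA%\lcore.exe:ZONE.identifier
  (Эта команда, как и аналогичная для %APPDATA%\GhADdfDOCZWUQBfX.exe, записывает альтернативный поток данных NTFS Zone.Identifier, то есть метку зоны происхождения файла. Значение 2 соответствует зоне «Надёжные сайты», тогда как файлы, загруженные из интернета, получают значение 3. Вероятно, так подавляются предупреждения системы безопасности при запуске. Для обнаружения подходят события запуска cmd.exe с перенаправлением вывода в поток «:Zone.Identifier» и события создания файлового потока, например Sysmon Event ID 15.)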
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe'
- '<SYSTEM32>\cmd.exe' /c echo [zoneTransfer]ZoneID = 2 > %APPDATA%\GhADdfDOCZWUQBfX.exe:ZONE.identifier