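Техническая информация (записи ниже приведены без подзаголовков: параметр автозапуска в реестре, пути к файлам и процессам, DNS-запрос, параметры окна; повторяющиеся пути, вероятно, относятся к разным действиям — например, созданию и удалению файла или запуску процесса)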
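- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'kjqqpr' = '<LS_APPDATA>\kjqqpr\kjqqprWd.vbs' (параметр автозапуска: скрипт запускается при входе пользователя в систему; это тот же файл, что и kjqqprwd.vbs в списке ниже, так как пути в Windows не зависят от регистра)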
- <SYSTEM32>\regsvr32.exe
- %TEMP%\kjqqprbwr.exe
- %TEMP%\kjqqpr.bmp
- %TEMP%\kjqqpr.ocx
- %HOMEPATH%\kjqqpresx.exe
- <LS_APPDATA>\kjqqpr\kjqqpr.bmp
- <LS_APPDATA>\kjqqpr\kjqqprm.vbs
- <LS_APPDATA>\kjqqpr\kjqqprwd.vbs
- %TEMP%\kjqqpr.ocx
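- DNS ASK pr######nswered.hopto.org (DNS-запрос; символ # недопустим в имени хоста, то есть часть имени в отчёте скрыта, и строка не годится как точный индикатор; hopto.org — зона динамического DNS, общая для многих несвязанных владельцев)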
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\kjqqprbwr.exe'
- '<SYSTEM32>\regsvr32.exe'