Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'urpirp' = '<LS_APPDATA>\urpirp\urpirpWd.vbs'
- <SYSTEM32>\regsvr32.exe
- %TEMP%\urpirpkeo.exe
- %TEMP%\urpirp.bmp
- %TEMP%\urpirp.ocx
- %HOMEPATH%\urpirpesx.exe
- <LS_APPDATA>\urpirp\urpirp.bmp
- <LS_APPDATA>\urpirp\urpirpm.vbs
- <LS_APPDATA>\urpirp\urpirpwd.vbs
- %TEMP%\urpirp.ocx
- 'su#####ssings.hopto.org':5731
- DNS ASK su#####ssings.hopto.org
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\urpirpkeo.exe'
- '<SYSTEM32>\regsvr32.exe'