Техническая информация
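- Автозапуск (ключ реестра Run): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HMYQXZ' = '"%APPDATA%\Windata\OSJNFC.exe"' (тот же путь, что %APPDATA%\windata\osjnfc.exe ниже; пути Windows нечувствительны к регистру)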
- %TEMP%\aut1.tmp
- %TEMP%\xbzipp.pdf
- %APPDATA%\windata\osjnfc.exe
- %TEMP%\hmyqxz.vbs
- %TEMP%\aut1.tmp
- <SYSTEM32>\wbem\logs\wbemcore.lo_
- <SYSTEM32>\wbem\Logs\wbemcore.lo_
- Сетевое соединение (адрес:порт): '10#.#50.122.132':1194 (по-видимому, символами «#» в источнике скрыта часть адреса)
- DNS-запрос (DNS ASK): ip##i.co
- ClassName: 'AdobeAcrobat' WindowName: ''
- Запуск процесса: '<SYSTEM32>\wscript.exe' %TEMP%\HMYQXZ.vbs
- Запуск процесса: '%ProgramFiles%\adobe\reader 10.0\reader\acrord32.exe' "%TEMP%\XBZIPP.pdf"