Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Ozon2' = '%TEMP%\Elevarbejd4\KNEBRESUD.vbs'
- knebresud.exe
- %TEMP%\elevarbejd4\knebresud.exe
- %TEMP%\elevarbejd4\knebresud.vbs
- %TEMP%\elevarbejd4\knebresud.exe
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK drive.google.com
- DNS ASK microsoft.com
- DNS ASK do#########ocs.googleusercontent.com
- '%TEMP%\elevarbejd4\knebresud.exe'
- '%WINDIR%\syswow64\ipconfig.exe'
- '%WINDIR%\syswow64\cmd.exe' del "%TEMP%\Elevarbejd4\KNEBRESUD.exe"