Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'WIndown' = '%TEMP%\Temp\Microsoft HP.vbs'
- %WINDIR%\explorer.exe
- %WINDIR%\syswow64\cmmon32.exe
- microsoft hp.exe
- Process iexplore.exe, module wininet.dll
- %TEMP%\temp\microsoft hp.exe
- %TEMP%\temp\microsoft hp.vbs
- %TEMP%\temp\microsoft hp.exe
- http://ru###agro.com/js/bin/98kksjh.bin
- DNS ASK ru###agro.com
- '%TEMP%\temp\microsoft hp.exe'
- '%WINDIR%\syswow64\cmmon32.exe'
- '%WINDIR%\syswow64\cmd.exe' del "%TEMP%\Temp\Microsoft HP.exe"