Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Bonjour' = '%PROGRAMDATA%\Bonjour\2020\Bonjour.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'JavaUpdater' = '%PROGRAMDATA%\Java\2020\JavaUpdater.exe'
- %PROGRAMDATA%\hp\2020\28054564.zip
- %PROGRAMDATA%\hp\2020\5\dotnetzip-0fvitngd.tmp
- %PROGRAMDATA%\hp\2020\6\dotnetzip-3nlup00a.tmp
- %PROGRAMDATA%\hp\2020\6\dotnetzip-rplrwhmv.tmp
- %PROGRAMDATA%\bonjour\2020\bonjour.exe
- %PROGRAMDATA%\java\2020\javaupdater.exe
- %PROGRAMDATA%\hp\2020\5\dotnetzip-0fvitngd.tmp to %PROGRAMDATA%\hp\2020\5\winlogo.exe
- %PROGRAMDATA%\hp\2020\6\dotnetzip-3nlup00a.tmp to %PROGRAMDATA%\hp\2020\6\bonjour.exe
- %PROGRAMDATA%\hp\2020\6\dotnetzip-rplrwhmv.tmp to %PROGRAMDATA%\hp\2020\6\javaupdater.exe
- http://30###00.site/28054564/28054564/
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK 30###00.site
- DNS ASK ap#.#pify.org
- DNS ASK microsoft.com
- '%PROGRAMDATA%\hp\2020\5\winlogo.exe'