Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\_vsbphj6_.lnk
- <SYSTEM32>\tasks\_vsbphj6_
- C:\users\public\b.ar
- C:\users\public\_vsbphj6_\_vsbphj6_1.csv
- %LOCALAPPDATA%\microsoft\forms\frmdata64.dat
- %TEMP%\outlook logging\firstrun.log
- %WINDIR%\inf\outlook\outlperf.h
- %WINDIR%\inf\outlook\0009\outlperf.ini
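- http://oc##.#tartssl.com/sub/class2/code/ca/MEMwQTA%2FMD0wOzAJBgUrDgMCGgUABBQSOgrhRCSnWfKxoWTjWxhk8hga9AQU0E4PQJlsuEsZbzsouODjiAc0qrcCAhAV (судя по структуре пути и Base64-параметру, это, по-видимому, OCSP-запрос на проверку отзыва сертификата, а не обращение к управляющему серверу; как самостоятельный индикатор компрометации его стоит использовать с осторожностью)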
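- DNS ASK ar######o1.servebeer.com (DNS-запрос; символы «#» здесь и ниже, по-видимому, маскируют часть имени в источнике; servebeer.com — домен службы динамического DNS)
- DNS ASK oc##.#tartssl.com (DNS-запрос к узлу из приведённого выше URL)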
- ClassName: 'mspim_wnd32' WindowName: 'Microsoft Outlook'
- ClassName: 'rencat' WindowName: ''
- '%ProgramFiles%\microsoft office\office14\outlook.exe' -Embedding