Техническая информация
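Изменения в реестре (автозапуск через раздел Run):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'font2.0' = '%PROGRAMDATA%\font2.0Files\rekeywiz.exe'
Файлы:
- %TEMP%\hajj policy and plan 2020.pdf
- %TEMP%\8pswnxhf92svqg.hta
- %PROGRAMDATA%\font2.0files\rekeywiz.exe
- %PROGRAMDATA%\font2.0files\duser.dll
- %PROGRAMDATA%\font2.0files\5zuqb18.tmp
- %PROGRAMDATA%\font2.0files\rekeywiz.exe.config
Примечание: rekeywiz.exe — имя штатной утилиты Windows, которая обычно находится в <SYSTEM32>. Её копия в %PROGRAMDATA% рядом с duser.dll, вероятно, указывает на подгрузку сторонней библиотеки легитимным исполняемым файлом (DLL side-loading). Для обнаружения имеет смысл отслеживать запуск rekeywiz.exe из нестандартного каталога.
Сетевая активность:
- http://www.ha#####o-org.tar-gz.net/plugins/15984/11992/true/true/
- http://www.ha#####o-org.tar-gz.net/cgi/8ee4d36866/15984/11992/28673f34/file.hta
- http://www.ha#####o-org.tar-gz.net/plugins/15984/11992/true/true/The%20process%20cannot%20access%20the%20file%20'C:/Users/user/AppData/Local/Temp/8PSwnxhf92sVqg.hta'%20because%20it%20is%20being...
- DNS ASK ha#####o-org.tar-gz.net
Примечание: в третьем URL в путь запроса попал текст сообщения об ошибке с локальным путём к файлу. По-видимому, образец передаёт на сервер сведения о возникших исключениях.
Процессы (командные строки):
- '%PROGRAMDATA%\font2.0files\rekeywiz.exe'
- '%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrord32.exe' "%TEMP%\Hajj Policy and Plan 2020.pdf"
- '<SYSTEM32>\mshta.exe' %TEMP%\8PSwnxhf92sVqg.hta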