Technical information
- %APPDATA%\microsoft\windows\start menu\programs\startup\_umkbxz8_.lnk
- <SYSTEM32>\tasks\_umkbxz8_
- C:\users\public\_umkbxz8_\_umkbxz8_.zip
- C:\users\public\_umkbxz8_\exe.png
- C:\users\public\_umkbxz8_\jli.dll
- C:\users\public\_umkbxz8_\msvcr100.dll
- C:\users\public\cr
- %LOCALAPPDATA%\microsoft\forms\frmdata64.dat
- %TEMP%\outlook logging\firstrun.log
- %WINDIR%\inf\outlook\outlperf.h
- %WINDIR%\inf\outlook\0009\outlperf.ini
- C:\users\public\_umkbxz8_\exe.png to C:\users\public\_umkbxz8_\_umkbxz8_.exe
- http://45.##9.185.226/a2_5f0I3M0_1_0Eoimx/a2_5f0I3M0_1_0EoiMD/a2_5f0I3M0_1_0Eoial/md.zip
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://qu####.serveftp.com/a2_5f0I3M0_1_0Eoimx/a2_5f0I3M0_1_0Eoi/a2_5f0I3M0_1_0Eoial/index.php
- DNS ASK qu####.serveftp.com
- DNS ASK microsoft.com
- ClassName: 'mspim_wnd32' WindowName: 'Microsoft Outlook'
- ClassName: 'rencat' WindowName: ''
- '%ProgramFiles%\microsoft office\office14\outlook.exe' -Embedding