Техническая информация
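- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'OperaSetups' = '%APPDATA%\RuntimeBroker\RuntimeBroker.exe' (параметр RunOnce обеспечивает однократный автозапуск при следующем входе пользователя; легитимный RuntimeBroker.exe находится в <SYSTEM32>, поэтому одноимённый файл в %APPDATA% — признак маскировки под системный процесс)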
- %APPDATA%\runtimebroker\runtimebroker.exe
- %TEMP%\tcrsprgkvxnf.exe
- %WINDIR%\temp\ottvckjc.exe
- %WINDIR%\temp\wawlspoh.inf
- '%TEMP%\tcrsprgkvxnf.exe'
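- '<SYSTEM32>\cmstp.exe' /au %WINDIR%\temp\wawlspoh.inf (штатная подписанная утилита cmstp.exe запускается с INF-файлом из временного каталога; такое использование описано в MITRE ATT&CK как T1218.003, для обнаружения стоит отслеживать запуски cmstp.exe с INF-файлами из каталогов, доступных для записи)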
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "%TEMP%\Gcnm.docx"
- '<SYSTEM32>\cmd.exe' /c start %WINDIR%\temp\ottvckjc.exe