Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Odctq' = '"%APPDATA%\Vclzfbbkd\Odctq.exe"'
- %APPDATA%\vclzfbbkd\odctq.exe
- '2.##.149.2':80
- http://2.##.149.2/TT_copy_for_June_05_Ddfvvhmu.bmp
- '%WINDIR%\syswow64\cmd.exe' /c timeout 20' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c timeout 20
- '%WINDIR%\syswow64\timeout.exe' 20
- '%WINDIR%\microsoft.net\framework\v4.0.30319\installutil.exe'