Техническая информация
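- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'WindowsUpdate' = '%TEMP%\idta\TVSPAJ~1.EXE %TEMP%\idta\fftpod.dll'
  (параметр автозапуска с именем 'WindowsUpdate' указывает на исполняемый файл во временном каталоге; TVSPAJ~1.EXE — по всей видимости, короткое имя формата 8.3 файла tvspajvlnh.exe из списка ниже)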
- regsvcs.exe
- %TEMP%\idta\jpfusk.pvs
- %HOMEPATH%\temp\wnkpojvifv.xl
- %TEMP%\idta\omkljlcmc.xml
- %TEMP%\idta\iwdtig.docx
- %TEMP%\idta\wcwkcxuv.dat
- %TEMP%\idta\enxitpihl.mp3
- %TEMP%\idta\vmiep.xl
- %TEMP%\idta\rpvqhjrp.xls
- %TEMP%\idta\lxanhpg.mp3
- %TEMP%\idta\qgvf.mp3
- %TEMP%\idta\pqpu.xl
- %TEMP%\idta\nhcibbl.docx
- %TEMP%\regsvcs.exe
- %TEMP%\idta\amktfjxr.xl
- %TEMP%\idta\xivsqsqa.msc
- %TEMP%\idta\jlqlapsxko.txt
- %TEMP%\idta\hlugrkt.mp3
- %TEMP%\idta\rdqffrwwq.jpg
- %TEMP%\idta\screma.ini
- %TEMP%\idta\fkwntjbvjn.xl
- %TEMP%\idta\tobs.xml
- %TEMP%\idta\tvspajvlnh.exe
- %TEMP%\idta\lpfbbn-ejtvsoho.docx.vbe
- %TEMP%\idta\fftpod.dll
- %TEMP%\idta\wnkpojvifv.xl
- %TEMP%\idta\aflinf.icm
- %TEMP%\trojan.exe
- %TEMP%\idta\tvspajvlnh.exe
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\idta\tvspajvlnh.exe' fftpod.dll
- '%TEMP%\regsvcs.exe'
- '%TEMP%\trojan.exe'
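- '%WINDIR%\syswow64\wscript.exe' lpfbbn-ejtvsoho.docx.vbe
  (файл с двойным расширением .docx.vbe передаётся Windows Script Host, то есть выполняется как сценарий, а не открывается как документ)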