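Техническая информация
Примечание: судя по записям ниже, файл %APPDATA%\CRNJEUFU.jpg передаётся в regsvr32 с ключом /s, то есть загружается как исполняемая библиотека, а не открывается как изображение; расширение .jpg здесь не отражает реальный тип файла. Для обнаружения показательны значение автозапуска 'dw1' в ветке Run текущего пользователя и запуск regsvr32.exe с путём к файлу в %APPDATA%, имеющему расширение, нехарактерное для библиотек.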
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'dw1' = 'regsvr32 /s "%APPDATA%\CRNJEUFU.jpg" '
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /f /v dw1 /d "regsvr32 /s """%APPDATA%\CRNJEUFU.jpg"""
- '<SYSTEM32>\regsvr32.exe' /s "%APPDATA%\CRNJEUFU.jpg"
- '<SYSTEM32>\taskkill.exe' -f -im iexplore.exe
- '<SYSTEM32>\reg.exe' delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /f /v dmn
- iexplore.exe
- %APPDATA%\CRNJEUFU.jpg
- %TEMP%\~DFA8CB.tmp
- '20#.#8.151.126':80
- 'localhost':1036
- 20#.#8.151.126/v12/kkrasxuparola/1nf3ct/u7x/?ch######################################################################
- 20#.#8.151.126/v12/kkrasxuparola/uq1.jpg
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: '#32770' WindowName: ''
- ClassName: '(null)' WindowName: '(null)'