Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'ddkri' = '%TEMP%\ddkri\10717.vbs'
- '%TEMP%\ddkri\XYSadxAt.zqtpWIjudUOw' JAzqkBZNnnJ.DMR
- '<SYSTEM32>\taskkill.exe' /IM mshta.exe
- '<SYSTEM32>\mshta.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\ddkri\clQS.vbs"
- %TEMP%\ddkri\hmFDAsojZ.JXR
- %TEMP%\ddkri\27728.cmd
- %TEMP%\ddkri\10717.vbs
- %TEMP%\ddkri\JAzqkBZNnnJ.DMR
- %TEMP%\ddkri\obnfFVZl.VLU
- %TEMP%\ddkri\XYSadxAt.zqtpWIjudUOw
- %TEMP%\ddkri\clQS.vbs
- %TEMP%\ddkri\hmFDAsojZ.JXR
- %TEMP%\ddkri\10717.vbs
- %TEMP%\ddkri\27728.cmd
- %TEMP%\ddkri\JAzqkBZNnnJ.DMR
- %TEMP%\ddkri\obnfFVZl.VLU
- %TEMP%\ddkri\XYSadxAt.zqtpWIjudUOw
- %TEMP%\ddkri\clQS.vbs
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'