Техническая информация
- Автозапуск через ключ реестра Run: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'office' = '"<SYSTEM32>\rundll32.exe" %TEMP%\103750.dll,S'
- Запускаемая команда: <SYSTEM32>\cmd.exe /c %TEMP%\1.bat
- Запускаемая команда: <SYSTEM32>\rundll32.exe %TEMP%\103750.dll,S
- %TEMP%\1.bat
- <SYSTEM32>\kabaker.dll
- %TEMP%\103750.dll
- Соединение с узлом: 'www.as##oy.info':80
- HTTP-запрос: www.as##oy.info/tj/count.asp?in###########
- DNS-запрос: www.as##oy.info
- ClassName: 'Indicator' WindowName: ''