Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2Z0yW' = '%APPDATA%\htJZK\2Z0yW.exe'
- '<SYSTEM32>\attrib.exe' "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe" +s +h
- '<SYSTEM32>\notepad.exe'
- '<SYSTEM32>\attrib.exe' "%WINDIR%\Microsoft.NET\Framework\v2.0.50727" +s +h
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe'
- '<SYSTEM32>\cmd.exe' /k attrib "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe" +s +h
- '<SYSTEM32>\cmd.exe' /k attrib "%WINDIR%\Microsoft.NET\Framework\v2.0.50727" +s +h
- <SYSTEM32>\notepad.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- %APPDATA%\htJZK\2Z0yW.exe
- 'sm######nsgermany.mooo.com':55676
- DNS ASK sm######nsgermany.mooo.com