Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Fymths Oyooctmi Lll] 'ImagePath' = '<SYSTEM32>\svchost.exe -k imgsvc'
- [<HKLM>\SYSTEM\ControlSet001\Services\Fymths Oyooctmi Lll] 'Start' = '00000002'
- '<SYSTEM32>\svchost.exe' -k imgsvc
- %ProgramFiles%\Bhld\Xqxoapste.jpg
- C:\NetTemp.ini
- C:\NetTemp.ini
- C:\NetTemp.ini
- 'sk##.gnway.net':9525
- DNS ASK sk##.gnway.net