Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'DllUnregisterServer' = '"rundll32.exe" <SYSTEM32>\behloruy.dll,DllUnregisterServer '
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'gjnqtx.exe' = '"<SYSTEM32>\gjnqtx.exe"'
- '<SYSTEM32>\rundll32.exe' behloruy.dll,DllUnregisterServer
- <SYSTEM32>\behloruy.dll
- <SYSTEM32>\RCX2.tmp
- <SYSTEM32>\impsvzd.dll
- <SYSTEM32>\RCX1.tmp
- <SYSTEM32>\behloruy.dll
- <SYSTEM32>\impsvzd.dll
- <SYSTEM32>\behloruy.dll
- <SYSTEM32>\impsvzd.dll