Техническая информация
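- Закрепление в системе (автозапуск при входе пользователя; regsvr32.exe с ключом /s, то есть без диалоговых окон, загружает DLL из %TEMP%): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'gobucuutnbjilcxd' = '<SYSTEM32>\regsvr32.exe /s "%TEMP%\nsq9.tmp.dll"'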
- %TEMP%\setup.exe
- %TEMP%\sys.exe
- %TEMP%\locatr.exe
- <SYSTEM32>\mode.com 200
- <SYSTEM32>\cmd.exe /c ""%TEMP%\8.tmp\SherlockHotB_CE.bat""
- %TEMP%\nsq9.tmp.dll
- %TEMP%\8.tmp\SherlockHotB_CE.bat
- %TEMP%\nsx7.tmp\System.dll
- <SYSTEM32>\bohofttrlxslyqw.exe
- %TEMP%\nsx7.tmp\Math.dll
- %TEMP%\nsx7.tmp\UAC.dll
- %TEMP%\sys.exe
- %TEMP%\locatr.exe
- %TEMP%\setup.exe
- %TEMP%\nsw6.tmp
- %TEMP%\nsq4.tmp\System.dll