Техническая информация
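Автозапуск — запись в ключе Run текущего пользователя (указанный файл запускается при каждом входе этого пользователя в систему):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{0049C945-A29D-0688-BA39-32653EBD2F72}' = '"%APPDATA%\Qeimw\fiutv.exe"'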
- <SYSTEM32>\cscript.exe
- <SYSTEM32>\cmd.exe
Ослабление настроек зон безопасности Internet Explorer: параметр 1609 («Отображение смешанного содержимого») во всех зонах 0–4 и параметр 1406 («Доступ к источникам данных за пределами домена») в зонах 1, 3 и 4 установлены в 0 («Разрешить»):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] '1609' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1406' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1609' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1609' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1406' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1609' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1406' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1609' = '00000000'
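Файловые артефакты (config[1].bin в кэше Internet Explorer, вероятно, — копия файла config.bin, запрашиваемого по приведённому ниже URL):
- %APPDATA%\Qeimw\fiutv.exe
- %APPDATA%\Feyv\gezya.acr
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\config[1].bin
- %TEMP%\tmpb1bd985b.bat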
- <Полный путь к файлу>
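Сетевая активность (символ «#» в имени домена, по-видимому, — маскировка, внесённая источником; в таком виде индикатор неполон и для точного сопоставления по домену не годится):
- 'nl#.kz':80
- http://nl#.kz/7843t35thy24yuu6yuy7u/config.bin
- DNS ASK nl#.kz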
- '%APPDATA%\Qeimw\fiutv.exe'
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\tmpb1bd985b.bat"