Техническая информация
- Автозапуск через ключ реестра Run: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'kLyOsWp' = '%WINDIR%\rJyIgEu.exe'
- %WINDIR%\syswow64\cmd.exe
- %WINDIR%\syswow64\active_desktop_render.dll
- %WINDIR%\dngriwt.dll
- %WINDIR%\active_desktop_render.dll
- %WINDIR%\rjyigeu.exe
- %WINDIR%\syswow64\active_desktop_render.dll в %TEMP%\1088031\....\temporaryfile
- 'localhost':4300
- http://ha#.#30000.cc/v1.txt
- http://ha#.#30000.cc/v2.txt
- DNS ASK ha#.#30000.cc
- DNS ASK lo######t.ptlogin2.qq.com
- Командная строка (regsvr32 с ключом /s — регистрация DLL без вывода диалоговых окон): '%WINDIR%\syswow64\regsvr32.exe' %WINDIR%\dNgRiWt.dll /s
- '%WINDIR%\syswow64\cmd.exe'