Техническая информация
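Записи автозапуска в реестре (параметр 'mHiUsgnancQ' в ключах Run указывает на <SYSTEM32>\zolH.exe):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'mHiUsgnancQ' = '<SYSTEM32>\zolH.exe'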
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'mHiUsgnancQ' = '<SYSTEM32>\zolH.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'mHiUsgnancQ' = '<SYSTEM32>\zolH.exe'
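Файлы, связанные с активностью образца (вид операции — создание, запуск или удаление — в этом тексте не сохранился; повторяющиеся строки, вероятно, относятся к разным операциям):
- <SYSTEM32>\zolH.exe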
- <SYSTEM32>\zolH.exe
- <Текущая директория>\NMTHMIIa.bat
- <SYSTEM32>\MSWINSCK.ocx
- <Текущая директория>\NMTHMIIa.bat
- <SYSTEM32>\zolH.exe
- %TEMP%\~DF50BC.tmp
Сетевая активность (адреса в тексте частично замаскированы символами '#'):
- '12#.#88.232.229':8321
- 'ja#####ate.woobi.co.kr':80
- ja#####ate.woobi.co.kr/Down/MSWINSCK.OCX
- DNS ASK ja#####ate.woobi.co.kr
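Окна, перечисленные по ClassName и WindowName (вероятно, образец проверяет их наличие; среди них — окна средств анализа и мониторинга процессов; символы '?', по-видимому, стоят на месте не-ASCII-символов, утраченных при перекодировке):
- ClassName: '' WindowName: '???? - V3 Lite'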
- ClassName: '' WindowName: '?????? ??'
- ClassName: '' WindowName: 'Kernel Detective v1.4.0 :: zolH.exe'
- ClassName: '' WindowName: 'zolH.exe ??'
- ClassName: '' WindowName: 'Process Hacker [CRNJEUFU\%USERNAME%]'
- ClassName: '' WindowName: 'Process Explorer - Sysinternals: www.sysinternals.com'
- ClassName: '' WindowName: '???? ???? ???'
- ClassName: '' WindowName: '???? ??'
- ClassName: '' WindowName: '?????? v 1.91'
- ClassName: '' WindowName: '?????? v 2.1'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: '??? ?? ??'
- ClassName: '' WindowName: 'Kernel Detective v1.4.0 :: System Idle Process'
- ClassName: '' WindowName: '???? [EzClean]'
- ClassName: '' WindowName: '????'