Техническая информация
- %TEMP%\guqf296\setup_magiciso.exe
- %TEMP%\nsl1e88.tmp\nsisfile.dll
- %TEMP%\guqf296\vnk.exe
- %TEMP%\removalfile.bat
- %TEMP%\~glh0000.tmp
- %TEMP%\glga9f8.tmp
- %TEMP%\glka15f.tmp
- %CommonProgramFiles(x86)%\yazzle1848oinadmin.exe
- %TEMP%\glj9e33.tmp
- %WINDIR%\syswow64\nnnkihf.dll
- %TEMP%\guqf296\en.exe
- %TEMP%\nsw9473.tmp\dcryptdll.dll
- %TEMP%\guqf296\we.dat
- %TEMP%\guqf296\vnk.dat
- %TEMP%\guqf296\en.dat
- %TEMP%\glc9e22.tmp
- %TEMP%\mshtml2.exe
- %CommonProgramFiles(x86)%\yazzle1848oinadmin.exe
- %TEMP%\guqf296\en.exe
- %TEMP%\mshtml2.exe
- %TEMP%\nsl1e88.tmp\nsisfile.dll
- %TEMP%\~glh0000.tmp в %TEMP%\glface6.tmp
- 'fp.###erinfo.com':80
- DNS ASK fp.###erinfo.com
- '%TEMP%\guqf296\setup_magiciso.exe'
- '%TEMP%\guqf296\en.exe'
- '%TEMP%\guqf296\vnk.exe'
- '%CommonProgramFiles(x86)%\yazzle1848oinadmin.exe' -install -name "Yazzle1848" -userid 1848
- '%TEMP%\mshtml2.exe' -vt yazb -pid 5 -rid 99001848
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\removalfile.bat "%TEMP%\GUQF296\en.exe" (со скрытым окном)
- '%WINDIR%\syswow64\rundll32.exe' ›CwOMGw,a
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\removalfile.bat "%TEMP%\GUQF296\en.exe"