Техническая информация
- [<HKCU>\software\microsoft\windows\currentversion\run] 'hwMcYQAE.exe' = '%HOMEPATH%\IYUQgsYA\hwMcYQAE.exe' (запись в ключе Run: файл запускается при каждом входе этого пользователя в систему)
- [<HKLM>\System\CurrentControlSet\Services\tQYgEYqU] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\System\CurrentControlSet\Services\tQYgEYqU] 'ImagePath' = '%ALLUSERSPROFILE%\tgocwMgw\uOQUQocU.exe'
- 'tQYgEYqU' %ALLUSERSPROFILE%\tgocwMgw\uOQUQocU.exe
- %HOMEPATH%\iyuqgsya\hwmcyqae
- %ALLUSERSPROFILE%\fskmsgoa\qocoyioa
- %HOMEPATH%\iyuqgsya\hwmcyqae.exe
- %ALLUSERSPROFILE%\tgocwmgw\uoquqocu.exe
- %WINDIR%\syswow64\config\systemprofile\iyuqgsya\hwmcyqae
- %ALLUSERSPROFILE%\vgcm.txt
- <Текущая директория>\wmgw.ico
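- http://google.com/ (легитимный ресурс; обращение к нему, вероятно, служит проверкой доступа к сети и само по себе не является индикатором компрометации)
- DNS ASK bl##k.io (часть имени домена, по-видимому, скрыта символами «##»; в таком виде запись не подходит для точного сопоставления)
- DNS ASK google.com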
- ClassName: '' WindowName: 'qocoYIoA.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- '%HOMEPATH%\iyuqgsya\hwmcyqae.exe'
- '%ALLUSERSPROFILE%\tgocwmgw\uoquqocu.exe'