Техническая информация
Автозапуск при входе пользователя в систему (ключ реестра Run):
- [<HKCU>\software\microsoft\windows\currentversion\run] 'LgYAQwEM.exe' = '%HOMEPATH%\kgocIQgo\LgYAQwEM.exe'
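Регистрация службы Windows 'HcMIcgrj' (значение Start = 2 соответствует автоматическому запуску службы при загрузке системы):
- [<HKLM>\System\CurrentControlSet\Services\HcMIcgrj] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\HcMIcgrj] 'ImagePath' = '%ALLUSERSPROFILE%\iqccYAUY\mWsoUMoQ.exe'
- 'HcMIcgrj' %ALLUSERSPROFILE%\iqccYAUY\mWsoUMoQ.exe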
- %HOMEPATH%\kgociqgo\lgyaqwem
- %ALLUSERSPROFILE%\xiiiuaem\iykyqway
- %HOMEPATH%\kgociqgo\lgyaqwem.exe
- %ALLUSERSPROFILE%\iqccyauy\mwsoumoq.exe
- %WINDIR%\syswow64\config\systemprofile\kgociqgo\lgyaqwem
- <Текущая директория>\aqws.exe
- <Текущая директория>\aqws.exe
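Сетевая активность (обращение к google.com само по себе не является индикатором компрометации; в имени домена bl##k.io часть символов, по-видимому, скрыта в исходном отчёте):
- http://google.com/
- DNS ASK bl##k.io
- DNS ASK google.com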
- ClassName: '' WindowName: 'iYkYQwAY.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- '%HOMEPATH%\kgociqgo\lgyaqwem.exe'
- '%ALLUSERSPROFILE%\iqccyauy\mwsoumoq.exe'