Техническая информация
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{f92B23AB-p5EG-eA3E-Vxr3-0000F87A469H}] 'StubPath' = '%APPDATA%\BKgsKb\4i9OOd.exe'
- %WINDIR%\syswow64\svchost.exe
- %WINDIR%\fonts\runqiu.ttf
- %WINDIR%\fonts\rqid.ttf
- %APPDATA%\bkgskb\4i9ood.exe
- %APPDATA%\bkgskb\liveudhelper.dll
- %WINDIR%\fonts\hanqiusheng.ttf
- DNS ASK da##.#unqiusoft.com
- '%WINDIR%\syswow64\svchost.exe'