Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\eiijmwfphfuowrv.irs] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\eiijmwfphfuowrv.irs] 'ImagePath' = '%WINDIR%\SysWOW64\rundll32.exe "%WINDIR%\SysWOW64\Hnppzqzynjeyoose\eiijmwfphfuowrv.irs",MDFIhBn'
- 'eiijmwfphfuowrv.irs' %WINDIR%\SysWOW64\rundll32.exe "%WINDIR%\SysWOW64\Hnppzqzynjeyoose\eiijmwfphfuowrv.irs",MDFIhBn
- из <Полный путь к файлу> в %WINDIR%\syswow64\hnppzqzynjeyoose\eiijmwfphfuowrv.irs
- '84.##2.229.24':80
- http://84.##2.229.24/hdp5radff3/p380qrnrnr1mzz/8t4gn/
- '%WINDIR%\syswow64\rundll32.exe' "<Полный путь к файлу>",#1
- '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\SysWOW64\Hnppzqzynjeyoose\eiijmwfphfuowrv.irs",mpzo
- '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\SysWOW64\Hnppzqzynjeyoose\eiijmwfphfuowrv.irs",#1