Техническая информация
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\] 'hdimages' = '%ALLUSERSPROFILE%\hdimages.exe'
- '%APPDATA%\mkyzpzdh.exe'
- hdimages.exe
- %APPDATA%\mkyzpzdh.exe
- %ALLUSERSPROFILE%\hdimages.exe
- 'e-###airies.gr':80
- http://www.e-###airies.gr/wpcontentes/okonsflsnfjfnkjghkjwoiwihgtkkhjbwnebnbgtjet/bizbbxixgdfafac.exe
- DNS ASK e-###airies.gr
- '%ALLUSERSPROFILE%\hdimages.exe'