Техническая информация
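- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{rqyzezsw-vfeg-fmqx-asqp-xvtxxwtwasda}] 'stubpath' = '' (раздел Active Setup: команда из параметра StubPath выполняется при входе пользователя в систему, то есть это точка автозапуска; значение здесь показано пустым, а идентификатор компонента содержит буквы вне диапазона a–f и не является корректным GUID)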
- 'C:\Server2.exe'
- '<SYSTEM32>\inzloqpih.exe' ZhuDong
- 'C:\server.exe'
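- 'C:\јµзБѕЗХЗЩ.exe' (имя искажено при перекодировке: по-видимому, корейский текст в EUC-KR прочитан как Windows-1251; вероятный оригинал — «서든종합핵.exe», реконструкция предполагает потерянный байт 0xAD)
- 'C:\јµзЗЩ.dll.exe' (вероятный оригинал — «서든핵.dll.exe», с той же оговоркой о потерянном байте)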
- '<SYSTEM32>\ntvdm.exe' -f -i2
- '<SYSTEM32>\ntvdm.exe' -f -i1
- C:\Server2.exe
- <SYSTEM32>\inzloqpih.exe
- %WINDIR%\Temp\scs7.tmp
- C:\Server2.exe
- %TEMP%\410734_res.tmp
- <SYSTEM32>\inzloqpih.exe_lang.ini
- %WINDIR%\Temp\scs6.tmp
- C:\јµзЗЩ.dll.exe
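- C:\¤±¤±.exe (имя искажено при перекодировке: вероятно, корейское «ㅁㅁ.exe» в EUC-KR, прочитанное как Windows-1251)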
- C:\јµзБѕЗХЗЩ.exe
- C:\server.exe
- %WINDIR%\Temp\scs4.tmp
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scs6.tmp
- %WINDIR%\Temp\scs7.tmp
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scs4.tmp
- %TEMP%\410734_res.tmp в %TEMP%\411843_lang.dll
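- '11#.#99.146.143':80 (символы «#», по-видимому, скрывают часть адреса; в таком виде запись непригодна для точного сопоставления)
- DNS ASK bl##.naver.com (часть имени узла также скрыта символами «#»)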
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-ba8.bac.390002'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b70.b74.380001'