Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Bhzxo' = '"%APPDATA%\Rehdwfej\Bhzxo.exe"'
- %WINDIR%\microsoft.net\framework\v4.0.30319\installutil.exe
- %APPDATA%\rehdwfej\bhzxo.exe
- '31.#2.177.7':80
- http://31.#2.177.7/Process/8temptemporary8/Flower/Protect/0protonAsync/JsMulti/2CentralflowerAsync/8Central/3wp2To/videopipeLongpollProtectBase.php?I2###########################################...
- http://31.#2.177.7/Process/8temptemporary8/Flower/Protect/0protonAsync/JsMulti/2CentralflowerAsync/8Central/3wp2To/videopipeLongpollProtectBase.php?gs###########################################...
- '%WINDIR%\microsoft.net\framework\v4.0.30319\installutil.exe'