Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Avrdma uqmzmc] 'Start' = '00000002'
- '%PROGRAM_FILES%\Xqkiuzg.exe'
- 'C:\Mgaeec.exe'
- '<SYSTEM32>\wscript.exe' "C:\732.vbs"
- '<SYSTEM32>\wscript.exe' "C:\3839.vbs"
- ClassName: 'OLLYDBG' WindowName: '(null)'
- ClassName: 'FileMonClass' WindowName: '(null)'
- %PROGRAM_FILES%\Xqkiuzg.exe
- C:\732.vbs
- C:\Mgaeec.exe
- C:\3839.vbs
- C:\732.vbs
- C:\Mgaeec.exe
- C:\3839.vbs
- 'www.34##9.com':2014
- DNS ASK www.34##9.com
- ClassName: '18467-41' WindowName: '(null)'