Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Nationalqma] 'Start' = '00000002' (значение 2 — автоматический запуск службы при старте системы)
- '<SYSTEM32>\jwdvwy.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
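- %TEMP%\WER2bc3.dir00\appcompat.txt (каталог WER*.dir00 — файлы отчёта Windows Error Reporting; по-видимому, процесс jwdvwy.exe завершился аварийно во время анализа)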
- %TEMP%\WER2bc3.dir00\manifest.txt
- %TEMP%\WER2bc3.dir00\jwdvwy.exe.hdmp
- <SYSTEM32>\jwdvwy.exe
- %TEMP%\WER2bc3.dir00\jwdvwy.exe.mdmp
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- 'any':8080
- 'bu#####lyxb.f3322.org':8080
- 'bu#####lyxb.f3322.rog':8080
- DNS ASK bu#####lyxb.f3322.org
- DNS ASK bu#####lyxb.f3322.rog