Техническая информация
- Запись автозапуска в ключе реестра Run: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinSysQQ' = '%TEMP%\prints670.exe'
- '%TEMP%\prints670.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\Deleteme.bat
- %TEMP%\RCX4.tmp
- %TEMP%\prints670.exe
- %TEMP%\Deleteme.bat
- %TEMP%\RCX3.tmp
- %TEMP%\ntshruis670.dll
- %TEMP%\RCX1.tmp
- %TEMP%\RCX2.tmp
- %TEMP%\prints670.exe
- %TEMP%\ntshruis670.dll
- %TEMP%\ntshruis670.dll
- %TEMP%\RCX3.tmp в %TEMP%\ntshruis670.dll
- %TEMP%\RCX4.tmp в %TEMP%\ntshruis670.dll
- %TEMP%\RCX1.tmp в %TEMP%\ntshruis670.dll
- %TEMP%\RCX2.tmp в %TEMP%\ntshruis670.dll
- Сетевой адрес (узел:порт): '9.##edu.com':55 (символы ## в имени узла, по-видимому, скрывают часть домена)
- DNS ASK 9.##edu.com