Техническая информация
- %WINDIR%\Tasks\ms.job
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\home.lnk
- '%TEMP%\h8nil4o8\q.exe'
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\363o.dll"
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\363o.dll"
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\38fr.dll"
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\1dl3.dll"
- '<SYSTEM32>\regsvr32.exe' /u /s "<SYSTEM32>\efc6.dll"
- %TEMP%\u8sy1xt\tmp.exe
- %TEMP%\u8sy1xt\tmp.exe.tmp
- %TEMP%\u8sy1xt\_uninstall
- %TEMP%\h8nil4o8\3.dll
- %TEMP%\h8nil4o8\2.dll
- %TEMP%\u8sy1xt\2.tmp
- %TEMP%\h8nil4o8\b.dll
- %TEMP%\h8nil4o8\z.lz
- %TEMP%\h8nil4o8\p.dll
- %TEMP%\h8nil4o8\s.exe
- %TEMP%\h8nil4o8\q.exe
- %TEMP%\u8sy1xt\_uninstall
- %TEMP%\u8sy1xt\2.tmp
- %TEMP%\u8sy1xt\tmp.exe.tmp
- %TEMP%\h8nil4o8\2.dll в %WINDIR%\3b7u.bmp
- %TEMP%\h8nil4o8\b.dll в <SYSTEM32>\363o.dll
- %TEMP%\u8sy1xt\tmp.exe в %WINDIR%\Temp\tmp.exe
- %TEMP%\h8nil4o8\p.dll в <SYSTEM32>\3fde.dll