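Техническая информация
Ниже артефакты перечислены без подзаголовков: запись автозапуска в ветке Run, указывающая на %WINDIR%\fqcwyviz.exe (этот же файл есть в списке файлов); ветки реестра, относящиеся к учётным записям Outlook и Internet Account Manager (что именно с ними происходит — чтение или изменение — на странице не указано); пути к файлам в %TEMP%, %WINDIR% и %ALLUSERSPROFILE%; сетевые адреса с портом 443 и DNS-запрос. Символы # в имени хоста и IP-адресе, по-видимому, скрывают часть значения, поэтому использовать эти строки как точные индикаторы нельзя.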
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'etiwunat' = '"%WINDIR%\fqcwyviz.exe"'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook]
- [<HKCU>\Software\Microsoft\Internet Account Manager\Accounts]
- [<HKCU>\Software\Microsoft\Internet Account Manager]
- [<HKLM>\Software\Microsoft\Internet Account Manager]
- [<HKCU>\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts]
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings]
- %ALLUSERSPROFILE%\Application Data\ypofiqosocaxokyw\olosebum
- %TEMP%\nsx2.tmp\System.dll
- %TEMP%\Blowfish.dll
- %ALLUSERSPROFILE%\Application Data\ypofiqosocaxokyw\iposasum
- %ALLUSERSPROFILE%\Application Data\ypofiqosocaxokyw\igosyhum
- %WINDIR%\fqcwyviz.exe
- %TEMP%\varargs.h
- %TEMP%\qedit.h
- %TEMP%\BUTTON.HTM
- %TEMP%\SobAntirust.X
- %TEMP%\io_iter.cpp
- %TEMP%\istbufit.cpp
- 'it####o.ordest.org':443
- '15#.35.32.5':443
- DNS ASK it####o.ordest.org