Техническая информация
Записи реестра, обеспечивающие автозапуск:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = '%ProgramFiles%\SQL\sql.exe'
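- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{7227J4AS-8V38-CO1G-5X85-2E764G1SA0L7}] 'StubPath' = '%ProgramFiles%\SQL\sql.exe Restart'
  (идентификатор компонента содержит нешестнадцатеричные символы, то есть не является корректным GUID; команда из StubPath в Active Setup выполняется при входе пользователя в систему)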
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'cBcnhziFpz' = '%APPDATA%\KghqAvY.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'Policies' = '%ProgramFiles%\SQL\sql.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Policies' = '%ProgramFiles%\SQL\sql.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HKLM' = '%ProgramFiles%\SQL\sql.exe'
- '%ProgramFiles%\SQL\sql.exe'
- '<SYSTEM32>\svchost.exe'
- '%TEMP%\trwh.exe'
- <SYSTEM32>\svchost.exe
- %APPDATA%\88E6680F\ak.tmp
- %TEMP%\%USERNAME%2.txt
- %TEMP%\%USERNAME%8
- %TEMP%\%USERNAME%7
- %TEMP%\trwh.exe
- %APPDATA%\KghqAvY.exe
- %ProgramFiles%\SQL\sql.exe
- %TEMP%\iSZh.xY
- %ProgramFiles%\SQL\sql.exe
- %TEMP%\%USERNAME%7
- %TEMP%\%USERNAME%8
- %TEMP%\%USERNAME%2.txt
- %TEMP%\trwh.exe
- %TEMP%\%USERNAME%8
- %TEMP%\%USERNAME%7
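Сетевая активность:
- 'bi####.hopto.org':434
- DNS ASK bi####.hopto.org
  (hopto.org — домен службы динамического DNS, поэтому IP-адрес узла может меняться и блокировка только по IP-адресу ненадёжна; символы #### в имени узла, по-видимому, скрыты в источнике)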
- ClassName: 'Shell_TrayWnd' WindowName: ''