Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'msedit' = '%ALLUSERSPROFILE%\Application Data\msedit\BXWyf.exe.exe'
- %ALLUSERSPROFILE%\Application Data\msedit\BXWyf.exe.exe -wait
- %HOMEPATH%\Templates\BXWyf.exe.exe
- %ALLUSERSPROFILE%\Application Data\msedit\BXWyf.exe.exe
- 'hf##jy.ru':80
- hf##jy.ru/data1/stat.php
- DNS ASK hf##jy.ru
- ClassName: '' WindowName: 'Restoring access to WMID'
- ClassName: '' WindowName: '?????????????? ??????? ? WMID'