Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Uvwxya Cdefghij Lmn] 'Start' = '00000002'
- 'C:\busuqi.exe'
- '%WINDIR%\aera.exe'
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\rgun.bat" "
- C:\busuqi.exe
- %WINDIR%\kfdwr
- %WINDIR%\rgun.bat
- %WINDIR%\aera.exe
- %WINDIR%\kfdwr в %WINDIR%\aera.exe
- 'zh####1314.oicp.net':8750
- DNS ASK zh####1314.oicp.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''