Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\EOF] 'ImagePath' = '%ProgramFiles%\483439ee973f587d9bb1ffe33f27b80f\EOF.exe -s'
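- [<HKLM>\SYSTEM\ControlSet001\Services\EOF] 'Start' = '00000002'
  (Значение 'Start' = 2 соответствует автоматическому запуску службы при загрузке системы; вместе с 'ImagePath' выше это обеспечивает закрепление EOF.exe в системе.)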
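- '%ProgramFiles%\483439ee973f587d9bb1ffe33f27b80f\d6f7007239bc95aaafcdd9d90837aefd.exe' --set_windows_hook --dll_name="dlqwfu.dll" --dll_name_64="invalid" --dll_folder="1ea26074a12fc219940785426fea2a51\\"
  (Судя по параметрам --set_windows_hook и --dll_name, этот процесс, вероятно, устанавливает Windows-хук, через который dlqwfu.dll загружается в другие процессы.)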
- '%ProgramFiles%\483439ee973f587d9bb1ffe33f27b80f\EOF.exe' -s
- %ProgramFiles%\483439ee973f587d9bb1ffe33f27b80f\1ea26074a12fc219940785426fea2a51\dlqwfu.dll
- %ProgramFiles%\483439ee973f587d9bb1ffe33f27b80f\d6f7007239bc95aaafcdd9d90837aefd.exe
- %TEMP%\Ima1.tmp
- %ProgramFiles%\483439ee973f587d9bb1ffe33f27b80f\2bb5f6d28110d5658f2a97b7bca87478.exe
- %ProgramFiles%\483439ee973f587d9bb1ffe33f27b80f\Yrrehs.zip
- %ProgramFiles%\483439ee973f587d9bb1ffe33f27b80f\EOF.exe
- %ProgramFiles%\483439ee973f587d9bb1ffe33f27b80f\ae44a3f6f1a442fbc8f1618428f0e800
- %ProgramFiles%\483439ee973f587d9bb1ffe33f27b80f\8f81900e0e7f01f78c1eb6d6a3f17191
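- %TEMP%\Ima1.tmp
  (Тот же путь уже указан в списке выше. Заголовки разделов здесь не сохранились; вероятно, эта запись относится к удаляемым файлам, поэтому на момент проверки файл может отсутствовать на диске.)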