Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\wuauserv] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\wuauserv\Parameters] 'ServiceDll' = '<SYSTEM32>\txsnhbsh\iyrqhawn.dll'
- %WINDIR%\88E668D6\88E668D6
- %TEMP%\1.tmp
- %HOMEPATH%\Desktop\°ІИ«НшЦ·.url
- %TEMP%\pdpvndivfk.tmp
- %APPDATA%\Mint\ds.cache
- %APPDATA%\Mint\dem.cache
- <SYSTEM32>\txsnhbsh\iyrqhawn.dll
- <SYSTEM32>\PsLangue.dat
- %TEMP%\pdpvndivfk.tmp
- %TEMP%\1.tmp
- 'pl#.#w-wd.com':80
- 'do##.#meida-edu.com':80
- http://pl#.#w-wd.com/dh.url
- http://do##.#meida-edu.com/Lsvr.dat
- http://do##.#meida-edu.com/dem.ini
- DNS ASK pl#.#w-wd.com
- DNS ASK do##.#meida-edu.com