Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Remote Quality Registry Accounts WLAN' = 'C:\ybgzbpufdaqkcue\fcdwzwah.exe' (значение в ключе Run: указанный файл запускается при каждом входе пользователя в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\Authentication Disk WebClient Hardware Bus] 'Start' = '00000002' (тип запуска службы 2 — автоматический, служба стартует при загрузке системы)
- 'C:\ybgzbpufdaqkcue\osviwdq.exe' "c:\ybgzbpufdaqkcue\fcdwzwah.exe"
- 'C:\ybgzbpufdaqkcue\fcdwzwah.exe'
- 'C:\ybgzbpufdaqkcue\ix3q5gwzjeuikmgjwvk.exe'
- C:\ybgzbpufdaqkcue\fcdwzwah.exe
- C:\ybgzbpufdaqkcue\osviwdq.exe
- C:\ybgzbpufdaqkcue\ix3q5gwzjeuikmgjwvk.exe
- %WINDIR%\ybgzbpufdaqkcue\xapdmr
- C:\ybgzbpufdaqkcue\xapdmr
- C:\ybgzbpufdaqkcue\osviwdq.exe
- C:\ybgzbpufdaqkcue\fcdwzwah.exe
- C:\ybgzbpufdaqkcue\ix3q5gwzjeuikmgjwvk.exe
- %WINDIR%\ybgzbpufdaqkcue\xapdmr
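(Символы # в именах доменов ниже, по-видимому, скрывают часть имени в исходном отчёте; в таком виде записи не подходят для точного сопоставления в журналах DNS и прокси.)
- 'be####ebeyond.net':80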
- 'ex###tbeing.net':80
- 'be####ebeing.net':80
- 'st####thclose.net':80
- 'st###close.net':80
- 'ex####beyond.net':80
- http://be####ebeyond.net/index.php
- http://ex###tbeing.net/index.php
- http://be####ebeing.net/index.php
- http://st####thclose.net/index.php
- http://st###close.net/index.php
- http://ex####beyond.net/index.php
- DNS ASK ex###tbeing.net
- DNS ASK be####ebeing.net
- DNS ASK ex####forever.net
- DNS ASK be####ebeyond.net
- DNS ASK st####thclose.net
- DNS ASK st###close.net
- DNS ASK ex####beyond.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)