Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'UPnP RPC System Keying User-mode' = 'C:\vnqpghmiciyv\qzexwcdr.exe' (параметр в ключе Run: указанный файл запускается при каждом входе пользователя в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\Shadow Cryptographic Netlogon] 'Start' = '00000002' (значение Start = 2 соответствует автоматическому запуску службы при загрузке системы)
- 'C:\vnqpghmiciyv\yttkqpuwakqy.exe' "c:\vnqpghmiciyv\qzexwcdr.exe" (первый файл запускается с путём ко второму в качестве аргумента командной строки)
- 'C:\vnqpghmiciyv\qzexwcdr.exe'
- 'C:\vnqpghmiciyv\m0q5bnbzioghxzn7z.exe'
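- C:\vnqpghmiciyv\qzexwcdr.exe (этот и следующие пути ниже повторяются; по-видимому, списки относятся к разным разделам отчёта об изменениях в файловой системе, заголовки которых не сохранились)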
- C:\vnqpghmiciyv\yttkqpuwakqy.exe
- C:\vnqpghmiciyv\m0q5bnbzioghxzn7z.exe
- %WINDIR%\vnqpghmiciyv\l2ptj4hz
- C:\vnqpghmiciyv\l2ptj4hz
- C:\vnqpghmiciyv\yttkqpuwakqy.exe
- C:\vnqpghmiciyv\qzexwcdr.exe
- C:\vnqpghmiciyv\m0q5bnbzioghxzn7z.exe
- %WINDIR%\vnqpghmiciyv\l2ptj4hz
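- 'pr####enature.net':80 (символы #### скрывают часть имени домена; в таком виде запись не подходит для точного сопоставления с журналами прокси или DNS)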
- http://pr####enature.net/index.php
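- DNS ASK de####needle.net (DNS ASK — запрос на разрешение доменного имени; здесь и ниже часть имени также скрыта символами ####)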
- DNS ASK pr####eenough.net
- DNS ASK pr####eneedle.net
- DNS ASK pr####enature.net
- DNS ASK de####nature.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)