Техническая информация
Автозапуск (ключ реестра Run текущего пользователя):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Agent Windows Offline Location' = '%APPDATA%\uubrgxpqnts\dcywomntjj.exe'
Запуск на исполнение (командные строки):
- '%APPDATA%\uubrgxpqnts\ojukqacgqk.exe' "%APPDATA%\uubrgxpqnts\dcywomntjj.exe"
- '%APPDATA%\uubrgxpqnts\dcywomntjj.exe'
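Изменения в файловой системе (тип операции для каждой записи на странице не сохранился; повторяющиеся пути, вероятно, относятся к разным операциям):
- %APPDATA%\uubrgxpqnts\dcywomntjj.binh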
- %APPDATA%\uubrgxpqnts\ojukqacgqk.exe
- %APPDATA%\uubrgxpqnts\dcywomntjj.exe
- %APPDATA%\uubrgxpqnts\dcywomntjj.exe
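Сетевые подключения (хост:порт; символы # скрывают часть имени, поэтому записи не годятся для точного сопоставления):
- 'pl#####talthough.net':80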
- 'ne#####ryalthough.net':80
- 'pl####ntperiod.net':80
- 'ne####arychoose.net':80
- 'di#####lthowever.net':80
- 'he####owever.net':80
- 'pl####ntchoose.net':80
HTTP-запросы (часть имени хоста и параметры запроса скрыты символами #):
- pl#####talthough.net/index.php?em######################################
- ne#####ryalthough.net/index.php?em######################################
- pl####ntperiod.net/index.php?em######################################
- ne####arychoose.net/index.php?em######################################
- di#####lthowever.net/index.php?em######################################
- he####owever.net/index.php?em######################################
- pl####ntchoose.net/index.php?em######################################
- DNS ASK pl#####talthough.net
- DNS ASK ne#####ryalthough.net
- DNS ASK pl####ntperiod.net
- DNS ASK ne####arychoose.net
- DNS ASK di#####lthowever.net
- DNS ASK he####owever.net
- DNS ASK pl####ntchoose.net
Обращения к окнам (класс / имя окна):
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'