Техническая информация
- Запись автозапуска в реестре (ключ Run текущего пользователя): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'pmshdkes' = '%APPDATA%\pmshdkes\fyomlice.vbs'
- wmplayer.exe
- %APPDATA%\pmshdkes\fyomlice.vbs
- %APPDATA%\pmshdkes\xphtnnkj.exe
- %APPDATA%\pmshdkes\brkkfstl.ps1
- %APPDATA%\pmshdkes\mfvcjdqy.vbs
- %TEMP%\~TM1.tmp
- %ALLUSERSPROFILE%\Application Data\kdgihdcp.log
- <LS_APPDATA>\wcxnjluo.log
- %APPDATA%\pmshdkes\mfvcjdqy.vbs
- %TEMP%\~TM1.tmp
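- Сетевые подключения в формате 'узел':порт. Символы '#' в именах узлов и в IP-адресе, по всей видимости, заменяют скрытые в отчёте символы, поэтому эти записи годятся как шаблоны для поиска, а не как точные индикаторы:
- 'yg####dsclptuo.eu':442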
- 'pb###gmvknw.eu':442
- 'hm###rstrgid.eu':442
- 'ns###klcmr.eu':442
- 'ti#####vcghknnfceqn.eu':442
- 'gv##jsfi.eu':442
- 've#####wnwwdybmip.eu':442
- 'cb#####dtwrmdtphghq.eu':442
- '12#.#25.114.144':80
- 'me###mqsynot.eu':442
- 'of###qtlmm.eu':442
- 'uc#####kikailwuvg.eu':442
- 're#####cntppxvjiqep.eu':442
- 'yx###ekrf.eu':442
- DNS-запросы (DNS ASK). В списке есть имена, которых нет среди подключений выше:
- DNS ASK ve#####wnwwdybmip.eu
- DNS ASK gv##jsfi.eu
- DNS ASK yg####dsclptuo.eu
- DNS ASK ns###klcmr.eu
- DNS ASK ti#####vcghknnfceqn.eu
- DNS ASK cw#####tbeachtlfno.eu
- DNS ASK ho####stfuxpoq.eu
- DNS ASK fh####xthpbxsmt.eu
- DNS ASK pb###gmvknw.eu
- DNS ASK cb#####dtwrmdtphghq.eu
- DNS ASK of###qtlmm.eu
- DNS ASK me###mqsynot.eu
- DNS ASK ba##u.com
- DNS ASK uc#####kikailwuvg.eu
- DNS ASK hm###rstrgid.eu
- DNS ASK yx###ekrf.eu
- DNS ASK re#####cntppxvjiqep.eu
- Запуск процессов (командные строки). Сценарий .vbs из %APPDATA% выполняется через wscript.exe:
- '<SYSTEM32>\wscript.exe' "%APPDATA%\pmshdkes\mfvcjdqy.vbs"
- '%ProgramFiles%\Windows Media Player\wmplayer.exe'