Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Ordering Transaction Input Fax' = 'C:\ivutzxrnulvbx\ueowwwadyq.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Call Reports Now Defender Tools Layer] 'ImagePath' = 'C:\ivutzxrnulvbx\ueowwwadyq.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Call Reports Now Defender Tools Layer] 'Start' = '00000002'
- C:\ivutzxrnulvbx\ueowwwadyq.exe
- C:\ivutzxrnulvbx\ejfnuhifkght.exe
- C:\ivutzxrnulvbx\mcqcfqtq0s
- %WINDIR%\ivutzxrnulvbx\nghmnhsdz
- C:\ivutzxrnulvbx\nghmnhsdz
- C:\ivutzxrnulvbx\o751gjlnxjcas0fk.exe
- C:\ivutzxrnulvbx\ejfnuhifkght.exe
- C:\ivutzxrnulvbx\ueowwwadyq.exe
- C:\ivutzxrnulvbx\o751gjlnxjcas0fk.exe
- %WINDIR%\ivutzxrnulvbx\nghmnhsdz
- %WINDIR%\ivutzxrnulvbx\nghmnhsdz
- 'hu####dstrike.net':80
- 'jo####ypartial.net':80
- 'hu####dposition.net':80
- 'jo####ystrike.net':80
- http://hu####dstrike.net/index.php
- http://jo####ypartial.net/index.php
- http://hu####dposition.net/index.php
- http://jo####ystrike.net/index.php
- DNS ASK jo####ypartial.net
- DNS ASK hu####dpartial.net
- DNS ASK hu####dstrike.net
- DNS ASK hu####dposition.net
- DNS ASK jo####ystrike.net
- 'C:\ivutzxrnulvbx\ejfnuhifkght.exe' "c:\ivutzxrnulvbx\ueowwwadyq.exe"
- 'C:\ivutzxrnulvbx\ueowwwadyq.exe'
- 'C:\ivutzxrnulvbx\o751gjlnxjcas0fk.exe'