Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Time Launcher Protection Logon Group' = 'C:\sckrenvdegvg\zkfwukyfqc.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Tracking Key Adaptive SNMP List Topology Remote] 'ImagePath' = 'C:\sckrenvdegvg\zkfwukyfqc.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Tracking Key Adaptive SNMP List Topology Remote] 'Start' = '00000002'
- C:\sckrenvdegvg\zkfwukyfqc.exe
- C:\sckrenvdegvg\tusnrvfnld.exe
- C:\sckrenvdegvg\c9dtwncsiy
- %WINDIR%\sckrenvdegvg\vkdbfxzk5
- C:\sckrenvdegvg\vkdbfxzk5
- C:\sckrenvdegvg\vf2ihtdmpfltxjmycds.exe
- C:\sckrenvdegvg\tusnrvfnld.exe
- C:\sckrenvdegvg\zkfwukyfqc.exe
- C:\sckrenvdegvg\vf2ihtdmpfltxjmycds.exe
- %WINDIR%\sckrenvdegvg\vkdbfxzk5
- %WINDIR%\sckrenvdegvg\vkdbfxzk5
- 'do####childhood.net':80
- 'pr####childhood.net':80
- 'do####object.net':80
- 'pr####object.net':80
- http://do####childhood.net/index.php
- http://pr####childhood.net/index.php
- http://do####object.net/index.php
- http://pr####object.net/index.php
- DNS ASK pr####childhood.net
- DNS ASK fe####station.net
- DNS ASK do####childhood.net
- DNS ASK do####object.net
- DNS ASK pr####object.net
- 'C:\sckrenvdegvg\tusnrvfnld.exe' "c:\sckrenvdegvg\zkfwukyfqc.exe"
- 'C:\sckrenvdegvg\zkfwukyfqc.exe'
- 'C:\sckrenvdegvg\vf2ihtdmpfltxjmycds.exe'