Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Copy TP Mapper Certificate Card Problem' = 'C:\besgdgxbq\lhralpphl.exe' (ключ Run: указанный файл запускается автоматически при входе пользователя в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\Storage Font Logon Bluetooth Problem Fax] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\Storage Font Logon Bluetooth Problem Fax] 'ImagePath' = 'C:\besgdgxbq\lhralpphl.exe'
- %WINDIR%\besgdgxbq\vvmygizpjci
- C:\besgdgxbq\vvmygizpjci
- C:\besgdgxbq\qegq3ah6jshkgutycis.exe
- C:\besgdgxbq\lhralpphl.exe
- C:\besgdgxbq\jyhidcuqrl.exe
- C:\besgdgxbq\rtupzvhe
- C:\besgdgxbq\lhralpphl.exe
- C:\besgdgxbq\jyhidcuqrl.exe
- %WINDIR%\besgdgxbq\vvmygizpjci
- C:\besgdgxbq\qegq3ah6jshkgutycis.exe
- %WINDIR%\besgdgxbq\vvmygizpjci
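- 'pi####ebrought.net':80 (здесь и далее символы '#' заменяют скрытую часть имени домена, поэтому для сопоставления с журналами DNS и прокси нужны полные имена из исходного отчёта; порт 80 — незашифрованный HTTP)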
- 'ci#####tebrought.net':80
- 'ch####enmethod.net':80
- 'fa####method.net':80
- 'ch####enaction.net':80
- 'fa####action.net':80
- http://pi####ebrought.net/index.php
- http://ci#####tebrought.net/index.php
- http://ch####enmethod.net/index.php
- http://fa####method.net/index.php
- http://ch####enaction.net/index.php
- http://fa####action.net/index.php
- DNS ASK pi####ebrought.net
- DNS ASK ci#####tebrought.net
- DNS ASK ch####enmethod.net
- DNS ASK fa####method.net
- DNS ASK ch####enaction.net
- DNS ASK fa####action.net
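- DNS ASK ch####endirect.net (этот домен встречается только в DNS-запросах: подключений и HTTP-запросов к нему в списках выше нет)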
- 'C:\besgdgxbq\qegq3ah6jshkgutycis.exe'
- 'C:\besgdgxbq\lhralpphl.exe'
- 'C:\besgdgxbq\jyhidcuqrl.exe' "c:\besgdgxbq\lhralpphl.exe" (jyhidcuqrl.exe запускается с путём к lhralpphl.exe в качестве аргумента командной строки)