Техническая информация
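Записи в реестре, обеспечивающие автозапуск (ключ Run и служба с автоматическим запуском, 'Start' = 2):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Builder Copy Publication Image' = 'C:\yzdojepnuix\kxaqped.exe'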
- [<HKLM>\SYSTEM\ControlSet001\Services\Profile AutoConfig NGEN Net.Tcp] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Profile AutoConfig NGEN Net.Tcp] 'ImagePath' = 'C:\yzdojepnuix\kxaqped.exe'
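Пути к файлам в каталоге yzdojepnuix (заголовки подразделов в этом тексте не сохранились, поэтому по повторяющимся записям нельзя определить, к какой файловой операции относится каждая из них):
- %WINDIR%\yzdojepnuix\bjdr7sl1z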
- C:\yzdojepnuix\bjdr7sl1z
- C:\yzdojepnuix\gln2fv7i6ym4opjff.exe
- C:\yzdojepnuix\kxaqped.exe
- C:\yzdojepnuix\bbogpczwkddd.exe
- C:\yzdojepnuix\ssmdrxpe
- C:\yzdojepnuix\kxaqped.exe
- C:\yzdojepnuix\bbogpczwkddd.exe
- %WINDIR%\yzdojepnuix\bjdr7sl1z
- C:\yzdojepnuix\gln2fv7i6ym4opjff.exe
- %WINDIR%\yzdojepnuix\bjdr7sl1z
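Сетевая активность — узлы и порт 80 (часть каждого имени скрыта символами #, поэтому записи нельзя использовать как точные индикаторы):
- 'fo####meeting.net':80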
- 'me####meeting.net':80
- 'fo####twenty.net':80
- 'me####twenty.net':80
- 'fo#####nderstood.net':80
HTTP-адреса (URL) на тех же узлах:
- http://fo####meeting.net/index.php
- http://me####meeting.net/index.php
- http://fo####twenty.net/index.php
- http://me####twenty.net/index.php
- http://fo#####nderstood.net/index.php
DNS-запросы:
- DNS ASK fo####meeting.net
- DNS ASK me####meeting.net
- DNS ASK fo####twenty.net
- DNS ASK me####twenty.net
- DNS ASK fo#####nderstood.net
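Пути к исполняемым файлам и командная строка (вероятно, запускаемые процессы — заголовок подраздела не сохранился):
- 'C:\yzdojepnuix\gln2fv7i6ym4opjff.exe'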
- 'C:\yzdojepnuix\kxaqped.exe'
- 'C:\yzdojepnuix\bbogpczwkddd.exe' "c:\yzdojepnuix\kxaqped.exe"