Technical information
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'Management TCP/IP Process Print System' = '<SYSTEM32>\nyxdzsmpfji.exe'
- [<HKLM>\System\CurrentControlSet\Services\Quality Reports Transaction CardSpace] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Quality Reports Transaction CardSpace] 'ImagePath' = '<SYSTEM32>\nyxdzsmpfji.exe'
- Security Center
- <SYSTEM32>\kadzsyr\tst
- %TEMP%\nfhtchhd2pm1atg1yaqlvswj.exe
- <SYSTEM32>\nyxdzsmpfji.exe
- <SYSTEM32>\ydykosezfjn.exe
- <SYSTEM32>\kadzsyr\rng
- <SYSTEM32>\kadzsyr\run
- <SYSTEM32>\kadzsyr\cfg
- %WINDIR%\temp\nfhtchhh5bgc8tg1y.exe
- <SYSTEM32>\nyxdzsmpfji.exe
- <SYSTEM32>\ydykosezfjn.exe
- %TEMP%\nfhtchhd2pm1atg1yaqlvswj.exe
- %WINDIR%\temp\nfhtchhh5bgc8tg1y.exe
- DNS ASK do####object.net
- DNS ASK br###nthird.net
- DNS ASK mi####pecial.net
- DNS ASK ri###nstorm.net
- '23#.#55.255.250':1900
- '%TEMP%\nfhtchhd2pm1atg1yaqlvswj.exe'
- '<SYSTEM32>\nyxdzsmpfji.exe'
- '<SYSTEM32>\ydykosezfjn.exe' "<SYSTEM32>\nyxdzsmpfji.exe"
- '%WINDIR%\temp\nfhtchhh5bgc8tg1y.exe' -r 24671 tcp
- '%WINDIR%\temp\nfhtchhh5bgc8tg1y.exe' -r 24671 tcp' (with hidden window)