Technical information
- [<HKLM>\System\CurrentControlSet\Services\Builder SSDP Adaptive Time Client] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Builder SSDP Adaptive Time Client] 'ImagePath' = 'C:\rgvtf3p\cnemk9xwdh.exe'
- %WINDIR%\rgvtf3p\mqxezepsi
- C:\rgvtf3p\mqxezepsi
- C:\rgvtf3p\pbjlkjen29rd5qhfkg8d.exe
- C:\rgvtf3p\cnemk9xwdh.exe
- C:\rgvtf3p\b1hxs3me.exe
- C:\rgvtf3p\gyiwibx
- C:\rgvtf3p\cnemk9xwdh.exe
- C:\rgvtf3p\b1hxs3me.exe
- %WINDIR%\rgvtf3p\mqxezepsi
- C:\rgvtf3p\pbjlkjen29rd5qhfkg8d.exe
- %WINDIR%\rgvtf3p\mqxezepsi
- 'C:\rgvtf3p\pbjlkjen29rd5qhfkg8d.exe'
- 'C:\rgvtf3p\cnemk9xwdh.exe'
- 'C:\rgvtf3p\b1hxs3me.exe' "c:\rgvtf3p\cnemk9xwdh.exe"