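Техническая информация

Ниже перечислены индикаторы, зафиксированные при анализе образца (заголовки разделов в исходном тексте утрачены): запись автозапуска в реестре, параметры создаваемой службы, пути к файлам, сетевая активность, записи об окнах (ClassName/WindowName) и пути к исполняемым файлам в кавычках (вероятно, запускаемые процессы). Пути в реестре и в списке файлов различаются только регистром символов; в Windows это одни и те же объекты, поэтому сопоставлять их следует без учёта регистра.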
- [<HKCU>\software\microsoft\windows\currentversion\run] 'VUAAgAYQ.exe' = '%HOMEPATH%\MiEQgEIs\VUAAgAYQ.exe' (ключ Run: автозапуск при входе пользователя в систему)
- [<HKLM>\System\CurrentControlSet\Services\sUEYgkNc] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\System\CurrentControlSet\Services\sUEYgkNc] 'ImagePath' = '%ALLUSERSPROFILE%\sasMMgUQ\WGQEMYoA.exe'
- 'sUEYgkNc' %ALLUSERSPROFILE%\sasMMgUQ\WGQEMYoA.exe
- %HOMEPATH%\mieqgeis\vuaagayq
- %ALLUSERSPROFILE%\bmyukwkq\ziayemcc
- %HOMEPATH%\mieqgeis\vuaagayq.exe
- %ALLUSERSPROFILE%\sasmmguq\wgqemyoa.exe
- %ALLUSERSPROFILE%\tumw.txt
- %WINDIR%\syswow64\config\systemprofile\mieqgeis\vuaagayq
- http://google.com/
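- DNS ASK bl##k.io (символы ## — по-видимому, маскировка части имени домена в исходном отчёте; в таком виде строка не является готовым индикатором)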
- DNS ASK google.com
- ClassName: '' WindowName: 'zIAYEMcc.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- '%HOMEPATH%\mieqgeis\vuaagayq.exe'
- '%ALLUSERSPROFILE%\sasmmguq\wgqemyoa.exe'