Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Log UPnP List Hardware Routing Play Background' = '<SYSTEM32>\yprqrassuf.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\yprqrassuf.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\Wired NGEN PNRP Power Net.Tcp Mapper Endpoint] 'Start' = '00000002' (значение 2 параметра Start означает автоматический запуск службы при загрузке системы)
- Центр обеспечения безопасности (Security Center)
- '<SYSTEM32>\hqqtyfmj.exe' "<SYSTEM32>\yprqrassuf.exe"
- '%WINDIR%\Temp\nzgcqe40orga.exe' -r 21754 tcp
- '%TEMP%\nzgcqe3n99glyciguu.exe'
- '<SYSTEM32>\yprqrassuf.exe'
- <SYSTEM32>\ndvqgoonsef\run
- <SYSTEM32>\ndvqgoonsef\rng
- <SYSTEM32>\ndvqgoonsef\cfg
- <SYSTEM32>\ndvqgoonsef\por
- %WINDIR%\Temp\nzgcqe40orga.exe
- %TEMP%\nzgcqe3n99glyciguu.exe
- <SYSTEM32>\ndvqgoonsef\tst
- <SYSTEM32>\ndvqgoonsef\etc
- <SYSTEM32>\hqqtyfmj.exe
- <SYSTEM32>\yprqrassuf.exe
- <SYSTEM32>\hqqtyfmj.exe
- <SYSTEM32>\yprqrassuf.exe
- %WINDIR%\Temp\nzgcqe40orga.exe
- %TEMP%\nzgcqe3n99glyciguu.exe
- <DRIVERS>\etc\hosts
- 'mu###hade.net':80
- 'am###stol.com':80
- 'mu###loor.net':80
- 'pi###floor.net':80
- 'el#####arimagine.com':80
- 'do####club-grup.com':80
- 'mo###uia.com':80
- 'mo###itio.com':80
- mu###hade.net/forum/search.php?me#########################################
- am###stol.com/forum/search.php?me#########################################
- mu###loor.net/forum/search.php?me#########################################
- pi###floor.net/forum/search.php?me#########################################
- el#####arimagine.com/forum/search.php?me#########################################
- do####club-grup.com/forum/search.php?me#########################################
- mo###uia.com/forum/search.php?me#########################################
- mo###itio.com/forum/search.php?me#########################################
- DNS ASK pi###floor.net
- DNS ASK mu###hade.net
- DNS ASK am###stol.com
- DNS ASK ta###hrew.net
- DNS ASK wa###hrew.net
- DNS ASK mu###loor.net
- DNS ASK vi###mojo.com
- DNS ASK el#####arimagine.com
- DNS ASK do####club-grup.com
- DNS ASK ja###uter.com
- DNS ASK mo###uia.com
- DNS ASK mo###itio.com
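- '23#.#55.255.250':1900 (порт 1900 используется протоколом SSDP/UPnP; судя по маске, это, вероятно, стандартный multicast-адрес SSDP в локальной сети, а не внешний сервер)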