Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Encrypting Defender Extensible Portable Gateway' = '<SYSTEM32>\izlbhrghwz.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Quality Power Backup Ordering] 'Start' = '00000002'
- Центр обеспечения безопасности (Security Center)
- '<SYSTEM32>\durlpib.exe' "<SYSTEM32>\izlbhrghwz.exe"
- '%WINDIR%\Temp\USAGSSY3XADTDHD.EXE' -r 46093 tcp
- '%TEMP%\USAGSSY32K1TDHZG9KUTJN.EXE'
- '<SYSTEM32>\izlbhrghwz.exe'
- <SYSTEM32>\safuvyiuv\run
- <SYSTEM32>\safuvyiuv\rng
- %WINDIR%\Temp\USAGSSY3XADTDHD.EXE
- <SYSTEM32>\safuvyiuv\cfg
- <SYSTEM32>\durlpib.exe
- %TEMP%\USAGSSY32K1TDHZG9KUTJN.EXE
- <SYSTEM32>\safuvyiuv\tst
- <SYSTEM32>\izlbhrghwz.exe
- <SYSTEM32>\safuvyiuv\etc
- <SYSTEM32>\durlpib.exe
- <SYSTEM32>\izlbhrghwz.exe
- %WINDIR%\Temp\USAGSSY3XADTDHD.EXE
- <DRIVERS>\etc\hosts
- %TEMP%\USAGSSY32K1TDHZG9KUTJN.EXE
- DNS ASK ad#####edmtleaps.com
- DNS ASK oa####vomurates.com
- DNS ASK me#####gintheway.com
- DNS ASK pe####ersonals.com
- DNS ASK tr###telost.com
- DNS ASK tr###entral.com
- DNS ASK hi###anblog.com
- DNS ASK tr###telist.com
- '23#.#55.255.250':1900