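Техническая информация
Ниже перечислены наблюдаемые индикаторы: изменения реестра (ключи автозапуска Winlogon\Notify, Image File Execution Options\explorer.exe 'Debugger' и Active Setup 'StubPath', а также запись в списке разрешённых приложений брандмауэра Windows), имена процессов, пути к файлам и сетевые обращения. Подзаголовки разделов в этом фрагменте не сохранились, поэтому роль отдельных процессов и файлов (запуск, внедрение кода, создание или удаление) по самому списку однозначно не определяется. Символы «#» в доменных именах и URL — по-видимому, маскировка, применённая в источнике; такие значения нельзя использовать как точные индикаторы без полного оригинала. Механизм Winlogon\Notify поддерживается только в Windows XP/2003 и более ранних версиях, что стоит учитывать при проверке систем.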
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}] 'DLLName' = '<SYSTEM32>\pfeacep-asex.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}] 'Startup' = 'Startup'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe] 'Debugger' = '<SYSTEM32>\ingeapoog.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{43524E4A-4555-4655-4352-4E4A45554655}] 'StubPath' = '<SYSTEM32>\bkogoar-usom.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\idguxem-oumum.exe' = '<SYSTEM32>\idguxem-oumum.exe:*:Enabled:Windows Internet Access'
- '<SYSTEM32>\idguxem-oumum.exe'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\winlogon.exe
- opera.exe
- iexplore.exe
- firefox.exe
- %APPDATA%\shc2.tmp
- %APPDATA%\shc3.tmp
- %APPDATA%\shc4.tmp
- %APPDATA%\shc5.tmp
- %APPDATA%\ifceadac-eafoot.dll
- <SYSTEM32>\ingeapoog.exe
- <SYSTEM32>\idguxem-oumum.exe
- <SYSTEM32>\bkogoar-usom.exe
- <SYSTEM32>\pfeacep-asex.dll
- %APPDATA%\tmp1.tmp
- 'ut####t-ugeas.biz':80
- 'ce####cqwdnoh.cm':80
- ut####t-ugeas.biz/d/N?02####################################################################################################
- DNS ASK ut####t-ugeas.biz
- DNS ASK ce####cqwdnoh.cm