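Техническая информация
Примечание: подзаголовки разделов в этом списке не сохранились, поэтому по одной лишь строке нельзя определить, какое действие (создание, удаление, запуск, изменение) относится к указанному объекту. Обозначения <SYSTEM32>, <DRIVERS>, <HKLM> и переменные вида %TEMP% — это подстановки путей и разделов реестра. Символ «#» в именах доменов и в адресе заменяет скрытые знаки, поэтому такие значения не годятся для точного сопоставления.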
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Framework DCOM Awareness Color' = '<SYSTEM32>\azctkwsn.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\azctkwsn.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\HomeGroup Net.Tcp Routing NetBIOS ActiveX TPM] 'Start' = '00000002'
- Центр обеспечения безопасности (Security Center)
- '<SYSTEM32>\oswmbhnusglt.exe' "<SYSTEM32>\azctkwsn.exe"
- '%WINDIR%\Temp\ybdwhe4goqqt7p.exe' -r 48234 tcp
- '%TEMP%\ybdwhe3wskqt7gnmesks.exe'
- '<SYSTEM32>\azctkwsn.exe'
- <SYSTEM32>\xdhkssokodckqes\run
- <SYSTEM32>\xdhkssokodckqes\rng
- %WINDIR%\Temp\ybdwhe4goqqt7p.exe
- <SYSTEM32>\xdhkssokodckqes\cfg
- <SYSTEM32>\oswmbhnusglt.exe
- %TEMP%\ybdwhe3wskqt7gnmesks.exe
- <SYSTEM32>\xdhkssokodckqes\tst
- <SYSTEM32>\azctkwsn.exe
- <SYSTEM32>\xdhkssokodckqes\etc
- <SYSTEM32>\oswmbhnusglt.exe
- <SYSTEM32>\azctkwsn.exe
- %WINDIR%\Temp\ybdwhe4goqqt7p.exe
- <DRIVERS>\etc\hosts
- %TEMP%\ybdwhe3wskqt7gnmesks.exe
- DNS ASK go#####everytime.com
- DNS ASK en#####paintshop.com
- DNS ASK sp###aguga.net
- DNS ASK ja###uter.com
- DNS ASK sp###aguga.com
- DNS ASK el#####arimagine.com
- DNS ASK ji####herenow.com
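- '23#.#55.255.250':1900 (порт 1900 и окончание адреса .255.250 характерны для многоадресного обнаружения SSDP/UPnP; если скрытый адрес действительно таков, это обращение в локальную сеть, а не к внешнему узлу — требует проверки)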