Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Management User-mode Software Helper' = '<SYSTEM32>\xmetysmrl.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\xmetysmrl.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\Protected System Browser IKE Socket] 'Start' = '00000002' (значение Start = 2 задаёт автоматический запуск службы при загрузке системы)
- Центр обеспечения безопасности (Security Center)
- '<SYSTEM32>\tvoypkwqddnk.exe' "<SYSTEM32>\xmetysmrl.exe"
- '%WINDIR%\Temp\gtwzwnedb4vufp1ww.exe' -r 48013 tcp
- '%TEMP%\gtwzwnedana6fp1whlbp8jmg.exe'
- '<SYSTEM32>\xmetysmrl.exe'
- <SYSTEM32>\ilcsauqybadraw\run
- <SYSTEM32>\ilcsauqybadraw\rng
- <SYSTEM32>\ilcsauqybadraw\cfg
- <SYSTEM32>\ilcsauqybadraw\por
- %WINDIR%\Temp\gtwzwnedb4vufp1ww.exe
- %TEMP%\gtwzwnedana6fp1whlbp8jmg.exe
- <SYSTEM32>\ilcsauqybadraw\tst
- <SYSTEM32>\ilcsauqybadraw\etc
- <SYSTEM32>\tvoypkwqddnk.exe
- <SYSTEM32>\xmetysmrl.exe
- <SYSTEM32>\tvoypkwqddnk.exe
- <SYSTEM32>\xmetysmrl.exe
- <DRIVERS>\etc\hosts (системный файл hosts; при разборе инцидента стоит сверить его содержимое с эталонным)
- %TEMP%\gtwzwnedana6fp1whlbp8jmg.exe
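- DNS ASK yo###ext.net (здесь и ниже символы «#», по-видимому, скрывают часть имени домена, поэтому записи не годятся как точные индикаторы)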
- DNS ASK tr###next.net
- DNS ASK yo###ook.net
- DNS ASK tr###been.net
- DNS ASK vi###all.net
- DNS ASK lr###tall.net
- DNS ASK yo###een.net
- DNS ASK el#####arimagine.com
- DNS ASK do####club-grup.com
- DNS ASK sp###aguga.com
- DNS ASK go#####everytime.com
- DNS ASK tr###cook.net
- DNS ASK yo###all.net
- DNS ASK ja###uter.com