Техническая информация
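- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Source Cryptographic Extender Removal' = 'C:\qparamramtbwo\kvtbkuj.exe' (параметр в ключе автозапуска Run: указанный файл запускается при каждом входе пользователя в систему)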
- [<HKLM>\SYSTEM\ControlSet001\Services\Instrumentation Trap iSCSI Extender] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- 'C:\qparamramtbwo\ovmqvorseii.exe' "c:\qparamramtbwo\kvtbkuj.exe"
- 'C:\qparamramtbwo\kvtbkuj.exe'
- 'C:\qparamramtbwo\hq555dqvisdi3yu.exe'
- C:\qparamramtbwo\kvtbkuj.exe
- C:\qparamramtbwo\ovmqvorseii.exe
- C:\qparamramtbwo\ndketlxalvn
- %WINDIR%\qparamramtbwo\jfwsiimckqh
- C:\qparamramtbwo\jfwsiimckqh
- C:\qparamramtbwo\hq555dqvisdi3yu.exe
- C:\qparamramtbwo\ovmqvorseii.exe
- C:\qparamramtbwo\kvtbkuj.exe
- C:\qparamramtbwo\hq555dqvisdi3yu.exe
- %WINDIR%\qparamramtbwo\jfwsiimckqh
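- 'se####appear.net':80 (здесь и далее символы '#', по-видимому, заменяют скрытую часть имени или запроса; для сопоставления с журналами прокси и DNS такие значения подходят только как шаблон)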
- 'ag####tinstead.net':80
- 'qu####nother.net':80
- 'qu###appear.net':80
- http://se####appear.net/index.php?me########
- http://ag####tinstead.net/index.php?me########
- http://qu####nother.net/index.php?me########
- http://qu###appear.net/index.php?me########
- DNS ASK qu###appear.net
- DNS ASK se####appear.net
- DNS ASK ag####tinstead.net
- DNS ASK se####business.net
- DNS ASK qu####nother.net
- DNS ASK se####another.net
- DNS ASK qu####usiness.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)