Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Level Connections DHCP Session' = 'C:\cqronmodnrh\ecqvyup.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Identity Network Services Window Bus] 'Start' = '00000002'
- 'C:\cqronmodnrh\bpkpcuxtcyyl.exe' "c:\cqronmodnrh\ecqvyup.exe"
- 'C:\cqronmodnrh\ecqvyup.exe'
- 'C:\cqronmodnrh\fvec24xj2nmqfdlifois.exe'
- C:\cqronmodnrh\ecqvyup.exe
- C:\cqronmodnrh\bpkpcuxtcyyl.exe
- C:\cqronmodnrh\zcdqdulqq
- %WINDIR%\cqronmodnrh\rq4esw
- C:\cqronmodnrh\rq4esw
- C:\cqronmodnrh\fvec24xj2nmqfdlifois.exe
- C:\cqronmodnrh\bpkpcuxtcyyl.exe
- C:\cqronmodnrh\ecqvyup.exe
- C:\cqronmodnrh\fvec24xj2nmqfdlifois.exe
- %WINDIR%\cqronmodnrh\rq4esw
- 'he####promise.net':80
- 'he###should.net':80
- 'ge####should.net':80
- 'le###rshort.net':80
- 'he####opinion.net':80
- 'le####promise.net':80
- http://he####promise.net/index.php?me########
- http://he###should.net/index.php?me########
- http://ge####should.net/index.php?me########
- http://le###rshort.net/index.php?me########
- http://he####opinion.net/index.php?me########
- http://le####promise.net/index.php?me########
- DNS ASK he###should.net
- DNS ASK he####promise.net
- DNS ASK he###short.net
- DNS ASK ge####should.net
- DNS ASK le####promise.net
- DNS ASK he###nshort.net
- DNS ASK le###rshort.net
- DNS ASK he####opinion.net
- DNS ASK le####opinion.net
- ClassName: 'Shell_TrayWnd' WindowName: ''