Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'TP Grouping iSCSI Tunneling Foundation' = 'C:\szfbxujeobxrb\hqrmryk.exe' (параметр в ключе Run: указанный файл запускается автоматически при входе пользователя в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\Logon AutoConnect Cache Machine] 'Start' = '00000002' (значение Start = 2 означает автоматический запуск службы при загрузке системы)
- 'C:\szfbxujeobxrb\slyypch.exe' "c:\szfbxujeobxrb\hqrmryk.exe"
- 'C:\szfbxujeobxrb\hqrmryk.exe'
- 'C:\szfbxujeobxrb\zqda4ugtbhbzmmfadtd.exe'
- C:\szfbxujeobxrb\hqrmryk.exe
- C:\szfbxujeobxrb\slyypch.exe
- C:\szfbxujeobxrb\yzru7cgeip
- %WINDIR%\szfbxujeobxrb\qzdkqlnyofyx
- C:\szfbxujeobxrb\qzdkqlnyofyx
- C:\szfbxujeobxrb\zqda4ugtbhbzmmfadtd.exe
- C:\szfbxujeobxrb\slyypch.exe
- C:\szfbxujeobxrb\hqrmryk.exe
- C:\szfbxujeobxrb\zqda4ugtbhbzmmfadtd.exe
- %WINDIR%\szfbxujeobxrb\qzdkqlnyofyx
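- 'jo####ybuilt.net':80 (символы #### заменяют часть имени домена уже в исходном тексте; полные имена на странице не приведены, поэтому для блокировки или поиска эти записи пригодны только как шаблоны)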
- 'hu####dbuilt.net':80
- 'hu####dapple.net':80
- 'jo####yfather.net':80
- 'jo####yapple.net':80
- http://jo####ybuilt.net/index.php?me########
- http://hu####dbuilt.net/index.php?me########
- http://hu####dapple.net/index.php?me########
- http://jo####yfather.net/index.php?me########
- http://jo####yapple.net/index.php?me########
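- DNS ASK jo####ycarry.net (DNS-запрос; в списке запросов есть имена, которых нет среди подключений выше, поэтому при поиске следов стоит проверять и журналы DNS)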
- DNS ASK hu####dbuilt.net
- DNS ASK de####yfather.net
- DNS ASK hu####dcarry.net
- DNS ASK jo####ybuilt.net
- DNS ASK hu####dfather.net
- DNS ASK jo####yfather.net
- DNS ASK hu####dapple.net
- DNS ASK jo####yapple.net
- ClassName: 'Shell_TrayWnd' WindowName: ''