Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Disk Controls Security Link' = '<SYSTEM32>\vucgmdanncd.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\vucgmdanncd.exe (папка автозагрузки пользователя: файл запускается при входе в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\Interface Files WMI Enumerator Server] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- Центр обеспечения безопасности (Security Center)
- <SYSTEM32>\qhybynegpw.exe "<SYSTEM32>\vucgmdanncd.exe"
- %WINDIR%\Temp\phnvahl48cdvw3.exe -r 35936 tcp
- %TEMP%\phnvahl2q07vwjdixl4u.exe
- <SYSTEM32>\vucgmdanncd.exe
- <SYSTEM32>\sxtlobsfra\run
- <SYSTEM32>\sxtlobsfra\rng
- %WINDIR%\Temp\phnvahl48cdvw3.exe
- <SYSTEM32>\sxtlobsfra\cfg
- <SYSTEM32>\qhybynegpw.exe
- %TEMP%\phnvahl2q07vwjdixl4u.exe
- <SYSTEM32>\sxtlobsfra\tst
- <SYSTEM32>\vucgmdanncd.exe
- <SYSTEM32>\sxtlobsfra\etc
- <SYSTEM32>\qhybynegpw.exe
- <SYSTEM32>\vucgmdanncd.exe
- %WINDIR%\Temp\phnvahl48cdvw3.exe
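- <DRIVERS>\etc\hosts (системный файл hosts; из списка не видно, читается он или изменяется, поэтому при проверке системы стоит сверить его содержимое)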
- %TEMP%\phnvahl2q07vwjdixl4u.exe
- 'oi###agyta.com':80 (символы # здесь и ниже — маска, скрывающая часть имени узла, а не часть самого имени)
- oi###agyta.com/forum/search.php?me#######################################
- DNS ASK ja###uter.com
- DNS ASK go#####everytime.com
- DNS ASK oi###agyta.net
- DNS ASK el#####arimagine.com
- DNS ASK ma######elemelefresh.com
- DNS ASK oi###agyta.com
- DNS ASK sp###aguga.com
- DNS ASK pu#####vibrations.com
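- '23#.#55.255.250':1900 (порт 1900 используется протоколом SSDP/UPnP; замаскированный адрес, по-видимому, соответствует групповому адресу 239.255.255.250, то есть это обнаружение устройств в локальной сети, а не внешний узел)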