Техническая информация
Закрепление в системе (автозапуск через раздел реестра Run и службу Windows):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'List Initiator Credential Security' = 'C:\nycudfqj\wpxqykmxwfh.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Protocol Telephony Office Color Connect] 'ImagePath' = 'C:\nycudfqj\wpxqykmxwfh.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Protocol Telephony Office Color Connect] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- 'C:\nycudfqj\sqveoyrybc.exe' "c:\nycudfqj\wpxqykmxwfh.exe"
- 'C:\nycudfqj\wpxqykmxwfh.exe'
- 'C:\nycudfqj\gahn2tljgxrpoidav.exe'
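Затронутые объекты файловой системы (тип операции для каждой записи в этой копии не указан; повторяющиеся пути сохранены как в источнике):
- C:\nycudfqj\wpxqykmxwfh.exe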
- C:\nycudfqj\sqveoyrybc.exe
- C:\nycudfqj\kj4hl8vi
- %WINDIR%\nycudfqj\hhuksa
- C:\nycudfqj\hhuksa
- C:\nycudfqj\gahn2tljgxrpoidav.exe
- C:\nycudfqj\sqveoyrybc.exe
- C:\nycudfqj\wpxqykmxwfh.exe
- C:\nycudfqj\gahn2tljgxrpoidav.exe
- %WINDIR%\nycudfqj\hhuksa
- %WINDIR%\nycudfqj\hhuksa
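Сетевые узлы в формате 'узел':порт (символы # в именах доменов — часть имени, скрытая в источнике):
- 'ex####succeed.net':80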
- 'be####esucceed.net':80
- 'en####hshare.net':80
- 'en####hshake.net':80
- 'ei###rshare.net':80
- http://ex####succeed.net/index.php
- http://be####esucceed.net/index.php
- http://en####hshare.net/index.php
- http://en####hshake.net/index.php
- http://ei###rshare.net/index.php
- DNS ASK ex####succeed.net
- DNS ASK be####esucceed.net
- DNS ASK ex####between.net
- DNS ASK en####hshake.net
- DNS ASK ei###rshare.net
- DNS ASK en####hshare.net
- ClassName: 'Shell_TrayWnd' WindowName: ''