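Техническая информация
Примечание: символами «#» в доменных именах и IP-адресах ниже, по-видимому, скрыта часть знаков, поэтому такие записи не подходят для точного сопоставления индикаторов.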
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{1D476073-5E7F-AD41-B897-60D4A63F43C6}' = '"%APPDATA%\Ukpup\juod.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\tmpc5d895b9.bat"
- '%APPDATA%\Ukpup\juod.exe'
- <SYSTEM32>\cscript.exe
- [<HKCU>\Software\Microsoft\Windows Live Mail]
- [<HKCU>\Software\Microsoft\Internet Account Manager\Accounts]
- [<HKCU>\Software\Microsoft\Internet Account Manager]
- %TEMP%\tmpc5d895b9.bat
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\rcdrsscpnrldemnblylrch[1]
- %APPDATA%\Ukpup\juod.exe
- <LS_APPDATA>\uptyu.ovg
- 'rc######nrldemnblylrch.biz':80
- 'www.bing.com':80
- '74.##5.232.51':80
- http://rc######nrldemnblylrch.biz/
- http://www.bing.com/
- http://www.google.com/ via 74.##5.232.51
- DNS ASK www.bing.com
- DNS ASK www.google.com
- DNS ASK rc######nrldemnblylrch.biz
- '85.#1.57.48':12724
- '10#.#94.20.252':18216
- '2.###.143.195':25816
- '76.##.43.153':21230
- '94.##1.225.242':19105
- '75.##0.67.202':19487
- '10#.#45.67.188':24504
- '78.##5.221.179':26926
- '10#.#15.158.65':28353
- '10#.#8.196.27':19857
- '19#.#4.127.98':25549
- '78.##.234.97':14445
- '17#.#2.240.159':24509