Техническая информация
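Автозапуск: параметр в ключе Run текущего пользователя запускает указанный файл при каждом входе этого пользователя в систему.
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{9424D614-4115-A129-B9E9-B9872C616801}' = '"%APPDATA%\Tuupi\hybyn.exe"'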
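Исключения брандмауэра Windows: параметры в списке AuthorizedApplications имеют вид «путь:область:состояние:имя»; «*» означает любые адреса, «Enabled» — правило включено. В список внесены как системные файлы, так и hybyn.exe из %APPDATA%.
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\ctfmon.exe' = '<SYSTEM32>\ctfmon.exe:*:Enabled:ctfmon.exe'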
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\explorer.exe' = '%WINDIR%\explorer.exe:*:Enabled:explorer.exe...
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\Tuupi\hybyn.exe' = '%APPDATA%\Tuupi\hybyn.exe:*:Enabled:hyby...
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\tmp955b28fa.bat"
- '%APPDATA%\Tuupi\hybyn.exe'
- <SYSTEM32>\cscript.exe
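Параметры зон безопасности Internet Explorer: 1406 — доступ к источникам данных за пределами домена, 1609 — отображение смешанного содержимого; значение 0 означает «разрешить». Зоны: 0 — «Мой компьютер», 1 — «Местная интрасеть», 2 — «Надёжные узлы», 3 — «Интернет», 4 — «Ограниченные узлы».
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1609' = '00000000'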
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1406' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1609' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1406' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1406' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] '1609' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1609' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1609' = '00000000'
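Файловые артефакты (в этом списке не сохранилось указание, какие файлы были созданы, а какие удалены):
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\url[1].link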
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\kim[1].dot
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\help[1].txt
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\web[1].txt
- %APPDATA%\Bauc\imqov.ymw
- %APPDATA%\Tuupi\hybyn.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\yep[1].txt
- %TEMP%\tmp955b28fa.bat
- Перемещение (переименование) файла: %APPDATA%\Bauc\imqov.ymw в %APPDATA%\Bauc\imqov.tmp
Сетевые подключения (узел:порт; часть символов в именах узлов скрыта знаками #):
- 'tv.#####er-und-orchester.de':80
- 'www.se####g-wilhelm.de':80
- 'www.tr####recipes.in':80
- 'ca###-fish.ru':80
- 'www.te###ye.com.ph':80
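Запрашиваемые по HTTP адреса (имена запрошенных файлов совпадают с именами файлов в кэше Content.IE5, перечисленных выше: web.txt — web[1].txt, help.txt — help[1].txt, url.link — url[1].link, yep.txt — yep[1].txt, kim.dot — kim[1].dot):
- http://tv.#####er-und-orchester.de/web.txt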
- http://www.se####g-wilhelm.de/help.txt
- http://www.tr####recipes.in/modules/mod_araticlws/url.link
- http://ca###-fish.ru/wp-content/plugins/yep.txt
- http://www.te###ye.com.ph/blog/wp-content/uploads/kim.dot
- DNS ASK tv.#####er-und-orchester.de
- DNS ASK www.se####g-wilhelm.de
- DNS ASK www.tr####recipes.in
- DNS ASK ca###-fish.ru
- DNS ASK www.te###ye.com.ph