Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Shadow Security Files Internet Name File CNG' = '%APPDATA%\Roaming\wmnjqqlek\kswqueon.exe'
- '%APPDATA%\Roaming\wmnjqqlek\zqdfoxq.exe' "%APPDATA%\Roaming\wmnjqqlek\kswqueon.exe"
- '%APPDATA%\Roaming\wmnjqqlek\kswqueon.exe'
- %APPDATA%\Roaming\wmnjqqlek\kswqueon.pj
- %APPDATA%\Roaming\wmnjqqlek\zqdfoxq.exe
- %APPDATA%\Roaming\wmnjqqlek\kswqueon.exe
- %APPDATA%\Roaming\wmnjqqlek\kswqueon.exe
- DNS ASK ge####manreport.net
- DNS ASK al####ymarket.net
- DNS ASK al####yreport.net
- DNS ASK al####ybeauty.net
- DNS ASK ge####manbeauty.net
- DNS ASK ge####manmarket.net
- DNS ASK dn#.##ftncsi.com
- DNS ASK fr###beauty.net
- DNS ASK ex#####ncebeauty.net
- DNS ASK ex#####ncegarden.net
- DNS ASK fr###garden.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''