Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Management Bus BitLocker Disk' = 'C:\coareft\vfuvbcnftlc.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Adapter Protected Policy Portable Quality] 'ImagePath' = 'C:\coareft\vfuvbcnftlc.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Adapter Protected Policy Portable Quality] 'Start' = '00000002'
- 'C:\coareft\eagqjize.exe' "c:\coareft\vfuvbcnftlc.exe"
- 'C:\coareft\vfuvbcnftlc.exe'
- 'C:\coareft\fd2w18tgi5pzzyhyc54.exe'
- C:\coareft\vfuvbcnftlc.exe
- C:\coareft\eagqjize.exe
- C:\coareft\grsyxes
- %WINDIR%\coareft\abqjnq8v
- C:\coareft\abqjnq8v
- C:\coareft\fd2w18tgi5pzzyhyc54.exe
- C:\coareft\eagqjize.exe
- C:\coareft\vfuvbcnftlc.exe
- C:\coareft\fd2w18tgi5pzzyhyc54.exe
- %WINDIR%\coareft\abqjnq8v
- %WINDIR%\coareft\abqjnq8v
- '19#.#62.66.148':52345
- '85.##.122.169':40540
- '79.##7.196.121':45688
- '21#.#7.168.28':52231
- '92.##7.78.237':47427
- '72.#9.59.91':23362
- '41.#6.20.41':48405
- '61.##6.2.217':25840
- ClassName: 'Shell_TrayWnd' WindowName: ''