Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Offline Encryption Extender VC List Locator' = 'C:\blmettdsnozrztq\qblhxvkavuk.exe' (параметр в ключе Run: указанный файл запускается при входе пользователя в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\Logon Peer Policy Adaptive Connect] 'ImagePath' = 'C:\blmettdsnozrztq\qblhxvkavuk.exe'
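- [<HKLM>\SYSTEM\ControlSet001\Services\Logon Peer Policy Adaptive Connect] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы; ImagePath этой службы указывает на тот же файл, что и параметр в ключе Run)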
- 'C:\blmettdsnozrztq\ceiurdvjzp.exe' "c:\blmettdsnozrztq\qblhxvkavuk.exe"
- 'C:\blmettdsnozrztq\qblhxvkavuk.exe'
- 'C:\blmettdsnozrztq\cignh2wzyq7uihsubhfp.exe'
- C:\blmettdsnozrztq\qblhxvkavuk.exe
- C:\blmettdsnozrztq\ceiurdvjzp.exe
- C:\blmettdsnozrztq\wbifpq5k
- %WINDIR%\blmettdsnozrztq\gdsr1sn
- C:\blmettdsnozrztq\gdsr1sn
- C:\blmettdsnozrztq\cignh2wzyq7uihsubhfp.exe
- C:\blmettdsnozrztq\ceiurdvjzp.exe
- C:\blmettdsnozrztq\qblhxvkavuk.exe
- C:\blmettdsnozrztq\cignh2wzyq7uihsubhfp.exe
- %WINDIR%\blmettdsnozrztq\gdsr1sn
- %WINDIR%\blmettdsnozrztq\gdsr1sn
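- 'kn###power.net':80 (символы # в именах доменов здесь и ниже, по-видимому, скрывают часть имени в источнике; для точного сопоставления по имени домена этих записей недостаточно)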
- 'be####ountry.net':80
- 'be###power.net':80
- 'be###famous.net':80
- 'kn###famous.net':80
- http://kn###power.net/index.php
- http://be####ountry.net/index.php
- http://be###power.net/index.php
- http://be###famous.net/index.php
- http://kn###famous.net/index.php
- DNS ASK kn###power.net
- DNS ASK be####ountry.net
- DNS ASK kn####ountry.net
- DNS ASK be###famous.net
- DNS ASK kn###famous.net
- DNS ASK be###power.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)