Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\Launcher Remote Source Biometric Microsoft] 'Start' = '00000002'
- 'C:\uaycaivz\qljshfibivzl.exe' "c:\uaycaivz\figmnnlu.exe"
- 'C:\uaycaivz\figmnnlu.exe'
- 'C:\uaycaivz\zzb8d1apzxgkzhhftim.exe'
- C:\uaycaivz\figmnnlu.exe
- C:\uaycaivz\qljshfibivzl.exe
- C:\uaycaivz\fdwfeskl
- %WINDIR%\uaycaivz\g68xyoslh
- C:\uaycaivz\g68xyoslh
- C:\uaycaivz\zzb8d1apzxgkzhhftim.exe
- C:\uaycaivz\qljshfibivzl.exe
- C:\uaycaivz\figmnnlu.exe
- C:\uaycaivz\zzb8d1apzxgkzhhftim.exe
- %WINDIR%\uaycaivz\g68xyoslh
- DNS ASK st####ebanker.net
- DNS ASK hi####ysuccess.net
- DNS ASK hi####ybanker.net
- DNS ASK we####rfound.net
- DNS ASK am###tfound.net
- DNS ASK st####esuccess.net
- DNS ASK hi####yfound.net
- DNS ASK st####efound.net
- DNS ASK dn#.##ftncsi.com
- DNS ASK hi####yspring.net
- DNS ASK st####espring.net
- ClassName: 'Shell_TrayWnd' WindowName: ''