Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Keying CNG Event Files IPsec' = 'C:\zrbavdn\mirvifoul.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Cache Error Registrar DHCP Protocol Parental IKE] 'ImagePath' = 'C:\zrbavdn\mirvifoul.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Cache Error Registrar DHCP Protocol Parental IKE] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- 'C:\zrbavdn\efndhhu.exe' "c:\zrbavdn\mirvifoul.exe"
- 'C:\zrbavdn\mirvifoul.exe'
- 'C:\zrbavdn\oj3bk9v5ht4erc.exe'
- C:\zrbavdn\mirvifoul.exe
- C:\zrbavdn\efndhhu.exe
- C:\zrbavdn\uaxf3fshg
- %WINDIR%\zrbavdn\atu1lmjpxf
- C:\zrbavdn\atu1lmjpxf
- C:\zrbavdn\oj3bk9v5ht4erc.exe
- C:\zrbavdn\efndhhu.exe
- C:\zrbavdn\mirvifoul.exe
- C:\zrbavdn\oj3bk9v5ht4erc.exe
- %WINDIR%\zrbavdn\atu1lmjpxf
- %WINDIR%\zrbavdn\atu1lmjpxf
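- '86.##5.10.227':45279 (здесь и ниже символы «#» заменяют цифры адреса, скрытые в источнике; адреса приведены не полностью и не годятся для точного сопоставления)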
- '91.##.35.122':26126
- '78.#7.87.58':21017
- '86.##5.19.130':27743
- '10#.#29.186.201':47507
- '18#.#39.139.100':37599
- '18#.#23.70.113':37727
- '78.##5.171.93':23699
- '41.##.10.183':48405
- '41.##2.44.224':45860
- '5.##.147.5':26337
- '98.##.223.221':20922
- ClassName: 'Shell_TrayWnd' WindowName: ''