Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Socket Log Telephony Level Auto-Discovery' = 'C:\geunuucrj\igaunjna.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Task Assistant Font Isolation Key Net.Tcp] 'ImagePath' = 'C:\geunuucrj\igaunjna.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Task Assistant Font Isolation Key Net.Tcp] 'Start' = '00000002'
- 'C:\geunuucrj\bkolaawps.exe' "c:\geunuucrj\igaunjna.exe"
- 'C:\geunuucrj\igaunjna.exe'
- 'C:\geunuucrj\bl2elmxpipyfumair.exe'
- C:\geunuucrj\igaunjna.exe
- C:\geunuucrj\bkolaawps.exe
- C:\geunuucrj\unozhyjcnw
- %WINDIR%\geunuucrj\ukrgmg
- C:\geunuucrj\ukrgmg
- C:\geunuucrj\bl2elmxpipyfumair.exe
- C:\geunuucrj\bkolaawps.exe
- C:\geunuucrj\igaunjna.exe
- C:\geunuucrj\bl2elmxpipyfumair.exe
- %WINDIR%\geunuucrj\ukrgmg
- %WINDIR%\geunuucrj\ukrgmg
- 'ri###forest.net':80
- 'fi###ewheat.net':80
- 'wh####rforest.net':80
- 'wh####ralways.net':80
- 'ri###always.net':80
- http://ri###forest.net/index.php
- http://fi###ewheat.net/index.php
- http://wh####rforest.net/index.php
- http://wh####ralways.net/index.php
- http://ri###always.net/index.php
- DNS ASK ri###forest.net
- DNS ASK fi###ewheat.net
- DNS ASK th###hwheat.net
- DNS ASK wh####ralways.net
- DNS ASK ri###always.net
- DNS ASK wh####rforest.net
- ClassName: 'Shell_TrayWnd' WindowName: ''