Техническая информация
Автозапуск через раздел реестра Run:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Secure Support Authentication Socket VC' = 'C:\jfpwkalbisterl\kpzbgiylhr.exe'
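Параметры сервиса в реестре (значение Start = 2 соответствует автоматическому запуску сервиса при загрузке системы):
- [<HKLM>\SYSTEM\ControlSet001\Services\Internet SNMP Font Grouping Media] 'ImagePath' = 'C:\jfpwkalbisterl\kpzbgiylhr.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Internet SNMP Font Grouping Media] 'Start' = '00000002'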
Командные строки (по-видимому, запускаемые процессы):
- 'C:\jfpwkalbisterl\dojlsgg.exe' "c:\jfpwkalbisterl\kpzbgiylhr.exe"
- 'C:\jfpwkalbisterl\kpzbgiylhr.exe'
- 'C:\jfpwkalbisterl\bwj6i2mz9lakhtjohw.exe'
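Пути в файловой системе (подзаголовки с видом операции в этом фрагменте не сохранились; повторяющиеся пути, вероятно, относятся к разным операциям; имена каталога и файлов выглядят случайно сгенерированными):
- C:\jfpwkalbisterl\kpzbgiylhr.exe
- C:\jfpwkalbisterl\dojlsgg.exe
- C:\jfpwkalbisterl\ouseqgt
- %WINDIR%\jfpwkalbisterl\chxqmndfpuy
- C:\jfpwkalbisterl\chxqmndfpuy
- C:\jfpwkalbisterl\bwj6i2mz9lakhtjohw.exe
- C:\jfpwkalbisterl\dojlsgg.exe
- C:\jfpwkalbisterl\kpzbgiylhr.exe
- C:\jfpwkalbisterl\bwj6i2mz9lakhtjohw.exe
- %WINDIR%\jfpwkalbisterl\chxqmndfpuy
- %WINDIR%\jfpwkalbisterl\chxqmndfpuy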
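Сетевые адреса и порты (часть цифр в адресах заменена символом '#', поэтому как точные индикаторы они непригодны):
- '71.##2.212.226':26466
- '17#.#50.138.208':20422
- '18#.#5.131.224':26337
- '18#.#07.197.116':24498
- '20#.#11.99.94':37369
- '20#.#36.131.186':52293
- '84.##8.130.85':27132
- '85.##.122.169':40540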
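Окно, к которому, по-видимому, обращается программа (Shell_TrayWnd — класс окна панели задач Windows):
- ClassName: 'Shell_TrayWnd' WindowName: ''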