Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Ordering Bluetooth Web Endpoint' = 'C:\sfwjmccnbahf\cugpuqvsbqq.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Player DNS Computer Update Call] 'ImagePath' = 'C:\sfwjmccnbahf\cugpuqvsbqq.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Player DNS Computer Update Call] 'Start' = '00000002'
- 'C:\sfwjmccnbahf\rqfsbvirjm.exe' "c:\sfwjmccnbahf\cugpuqvsbqq.exe"
- 'C:\sfwjmccnbahf\cugpuqvsbqq.exe'
- 'C:\sfwjmccnbahf\vaqxu2vxbriwgawrt1dk.exe'
- C:\sfwjmccnbahf\cugpuqvsbqq.exe
- C:\sfwjmccnbahf\rqfsbvirjm.exe
- C:\sfwjmccnbahf\onacu3fmdvf
- %WINDIR%\sfwjmccnbahf\oxtszavt
- C:\sfwjmccnbahf\oxtszavt
- C:\sfwjmccnbahf\vaqxu2vxbriwgawrt1dk.exe
- C:\sfwjmccnbahf\rqfsbvirjm.exe
- C:\sfwjmccnbahf\cugpuqvsbqq.exe
- C:\sfwjmccnbahf\vaqxu2vxbriwgawrt1dk.exe
- %WINDIR%\sfwjmccnbahf\oxtszavt
- %WINDIR%\sfwjmccnbahf\oxtszavt
- 'fo####bottom.net':80
- 'me####bottom.net':80
- 'me####forever.net':80
- 'me###rbeing.net':80
- 'fo####forever.net':80
- http://fo####bottom.net/index.php
- http://me####bottom.net/index.php
- http://me####forever.net/index.php
- http://me###rbeing.net/index.php
- http://fo####forever.net/index.php
- DNS ASK fo####bottom.net
- DNS ASK me####bottom.net
- DNS ASK be###beyond.net
- DNS ASK me###rbeing.net
- DNS ASK fo####forever.net
- DNS ASK me####forever.net
- ClassName: 'Shell_TrayWnd' WindowName: ''