Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Policy Telephony TP Biometric' = 'C:\rmpgnjhlbdjl\bafagfbfa.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Visual Device Media Desktop] 'ImagePath' = 'C:\rmpgnjhlbdjl\bafagfbfa.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Visual Device Media Desktop] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- 'C:\rmpgnjhlbdjl\arosmwm.exe' "c:\rmpgnjhlbdjl\bafagfbfa.exe"
- 'C:\rmpgnjhlbdjl\bafagfbfa.exe'
- 'C:\rmpgnjhlbdjl\gu7nf2et0nvpxlj178y.exe'
- C:\rmpgnjhlbdjl\bafagfbfa.exe
- C:\rmpgnjhlbdjl\arosmwm.exe
- C:\rmpgnjhlbdjl\o6wlzjbtf
- %WINDIR%\rmpgnjhlbdjl\pknyjyzxlidh
- C:\rmpgnjhlbdjl\pknyjyzxlidh
- C:\rmpgnjhlbdjl\gu7nf2et0nvpxlj178y.exe
- C:\rmpgnjhlbdjl\arosmwm.exe
- C:\rmpgnjhlbdjl\bafagfbfa.exe
- C:\rmpgnjhlbdjl\gu7nf2et0nvpxlj178y.exe
- %WINDIR%\rmpgnjhlbdjl\pknyjyzxlidh
- %WINDIR%\rmpgnjhlbdjl\pknyjyzxlidh
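- 'mo####inforever.net':80 (здесь и далее «####» заменяет скрытую часть имени домена, поэтому записи не годятся для поиска по точному совпадению)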
- 'po####leforever.net':80
- 'po####lebeing.net':80
- 'po####lebeyond.net':80
- 'mo####inbeing.net':80
- http://mo####inforever.net/index.php
- http://po####leforever.net/index.php
- http://po####lebeing.net/index.php
- http://po####lebeyond.net/index.php
- http://mo####inbeing.net/index.php
- DNS ASK mo####inforever.net
- DNS ASK po####leforever.net
- DNS ASK mo####inbottom.net
- DNS ASK po####lebeyond.net
- DNS ASK mo####inbeing.net
- DNS ASK po####lebeing.net
- ClassName: 'Shell_TrayWnd' WindowName: ''