Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Telephony DCOM Spooler Scheduler' = 'C:\nqibexegsdmwb\smxrnwibkv.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Bus Launcher NetBIOS Receiver] 'Start' = '00000002' (значение 2 — служба запускается автоматически при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\Bus Launcher NetBIOS Receiver] 'ImagePath' = 'C:\nqibexegsdmwb\smxrnwibkv.exe'
- %WINDIR%\nqibexegsdmwb\gubhsn
- C:\nqibexegsdmwb\gubhsn
- C:\nqibexegsdmwb\le2gmzic7spdqqfwz0p.exe
- C:\nqibexegsdmwb\smxrnwibkv.exe
- C:\nqibexegsdmwb\nyfrlgiant.exe
- C:\nqibexegsdmwb\avljzitwnjs
- C:\nqibexegsdmwb\smxrnwibkv.exe
- C:\nqibexegsdmwb\nyfrlgiant.exe
- %WINDIR%\nqibexegsdmwb\gubhsn
- C:\nqibexegsdmwb\le2gmzic7spdqqfwz0p.exe
- %WINDIR%\nqibexegsdmwb\gubhsn
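- '18#.#0.243.3':25741 (здесь и ниже символы «#» в адресах, по-видимому, заменяют скрытые цифры, поэтому адреса приведены не полностью)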
- '21#.#07.110.82':26314
- '5.##.19.242':27426
- '79.##3.139.198':21201
- '95.##8.241.220':49038
- '94.##1.114.138':44254
- '86.##5.19.130':27743
- '81.##7.50.99':52074
- '19#.#6.240.249':21875
- '20#.#23.152.97':27682
- '18#.#42.145.105':26662
- '19#.#47.86.10':25432
- 'C:\nqibexegsdmwb\le2gmzic7spdqqfwz0p.exe'
- 'C:\nqibexegsdmwb\smxrnwibkv.exe'
- 'C:\nqibexegsdmwb\nyfrlgiant.exe' "c:\nqibexegsdmwb\smxrnwibkv.exe"