Техническая информация
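Изменения в системном реестре (регистрируется служба; значение 'Start' = 2 соответствует автоматическому запуску службы при загрузке системы):
- [<HKLM>\System\CurrentControlSet\Services\Propagation Proxy Biometric Key Fax SPP] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Propagation Proxy Biometric Key Fax SPP] 'ImagePath' = 'C:\pcvmjbbylajgbdg\wrwxizq.exe'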
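Пути в файловой системе (подзаголовки операций в этом фрагменте не сохранились, поэтому одни и те же пути повторяются):
- %WINDIR%\pcvmjbbylajgbdg\ewzjcsod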
- C:\pcvmjbbylajgbdg\ewzjcsod
- C:\pcvmjbbylajgbdg\qnonmzluwok127je.exe
- C:\pcvmjbbylajgbdg\wrwxizq.exe
- C:\pcvmjbbylajgbdg\lmqvxulhsd.exe
- C:\pcvmjbbylajgbdg\wndfmo0smsbu
- C:\pcvmjbbylajgbdg\wrwxizq.exe
- C:\pcvmjbbylajgbdg\lmqvxulhsd.exe
- %WINDIR%\pcvmjbbylajgbdg\ewzjcsod
- C:\pcvmjbbylajgbdg\qnonmzluwok127je.exe
- %WINDIR%\pcvmjbbylajgbdg\ewzjcsod
Сетевая активность — DNS-запросы (часть символов в именах доменов скрыта знаками ####):
- DNS ASK st####elieve.net
- DNS ASK st####threceive.net
- DNS ASK st####eceive.net
- DNS ASK st####thquarter.net
- DNS ASK st####uarter.net
- DNS ASK mo####nthonor.net
- DNS ASK ou####ehonor.net
- DNS ASK mo####ntneither.net
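Командные строки (судя по формату — запускаемые процессы; в последней строке исполняемому файлу в качестве аргумента передаётся путь к файлу, указанному в 'ImagePath' службы):
- 'C:\pcvmjbbylajgbdg\qnonmzluwok127je.exe'
- 'C:\pcvmjbbylajgbdg\wrwxizq.exe'
- 'C:\pcvmjbbylajgbdg\lmqvxulhsd.exe' "c:\pcvmjbbylajgbdg\wrwxizq.exe"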