Техническая информация
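- [<HKLM>\System\CurrentControlSet\Services\Counter Now Web Fax Time Isolation WMI] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы, то есть механизм закрепления в системе)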
- [<HKLM>\System\CurrentControlSet\Services\Counter Now Web Fax Time Isolation WMI] 'ImagePath' = 'C:\cbcptzkkrm\cxzkergzt.exe'
- 'Counter Now Web Fax Time Isolation WMI' C:\cbcptzkkrm\cxzkergzt.exe
- %WINDIR%\cbcptzkkrm\obvcoskhwfr
- C:\cbcptzkkrm\obvcoskhwfr
- C:\cbcptzkkrm\oigth8hinngzantkec.exe
- C:\cbcptzkkrm\cxzkergzt.exe
- C:\cbcptzkkrm\emlnexbzvop.exe
- C:\cbcptzkkrm\cxzkergzt.exe
- C:\cbcptzkkrm\emlnexbzvop.exe
- %WINDIR%\cbcptzkkrm\obvcoskhwfr
- C:\cbcptzkkrm\oigth8hinngzantkec.exe
- %WINDIR%\cbcptzkkrm\obvcoskhwfr
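- DNS ASK su####father.net (символы '#' в именах доменов, по-видимому, заменяют скрытые символы; в таком виде строки не являются точными индикаторами для блокировки)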
- DNS ASK cr###father.net
- DNS ASK su###rapple.net
- DNS ASK cr###apple.net
- DNS ASK su###rbuilt.net
- DNS ASK cr###built.net
- DNS ASK su###rcarry.net
- 'C:\cbcptzkkrm\oigth8hinngzantkec.exe'
- 'C:\cbcptzkkrm\cxzkergzt.exe'
- 'C:\cbcptzkkrm\emlnexbzvop.exe' "c:\cbcptzkkrm\cxzkergzt.exe"