Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ksmjlv] 'DLLName' = 'pfkfnifb.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ksmjlv] 'Startup' = 'gfhenwcdkn'
- %WINDIR%\Explorer.EXE
- iexplore.exe
- <SYSTEM32>\pfkfnifb.dll
- <SYSTEM32>\zqmnfvw.exe
- 'su##10.org':80
- su##10.org/CMP/DET8QPA331M6QDATVO/command
- DNS ASK su##10.org