Техническая информация
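Автозапуск (значение в ключе Run текущего пользователя; исполняемый файл запускается из %APPDATA% при входе в систему):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Routing Socket BitLocker COM' = '%APPDATA%\bzriujpnwttye\egbkwzkzhk.exe'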
- '%APPDATA%\bzriujpnwttye\ptgknoarbm.exe' "%APPDATA%\bzriujpnwttye\egbkwzkzhk.exe"
- '%APPDATA%\bzriujpnwttye\egbkwzkzhk.exe'
- %APPDATA%\bzriujpnwttye\egbkwzkzhk.es8tb
- %APPDATA%\bzriujpnwttye\ptgknoarbm.exe
- %APPDATA%\bzriujpnwttye\egbkwzkzhk.exe
- %APPDATA%\bzriujpnwttye\egbkwzkzhk.exe
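Сетевые подключения (порт 80; символы «#» в именах доменов, по-видимому, замаскированы в источнике, поэтому для блокировки по точному имени эти записи непригодны):
- 'br###brown.net':80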
- 'fl###people.net':80
- 'br###people.net':80
- 'fl###brown.net':80
- 'ga####daughter.net':80
- 'fl###ready.net':80
- 'br###ready.net':80
Запросы к index.php на тех же узлах (строка параметров в источнике также замаскирована):
- br###brown.net/index.php?em####################################
- fl###people.net/index.php?em####################################
- br###people.net/index.php?em####################################
- fl###brown.net/index.php?em####################################
- ga####daughter.net/index.php?em####################################
- fl###ready.net/index.php?em####################################
- br###ready.net/index.php?em####################################
- DNS ASK br###brown.net
- DNS ASK fl###people.net
- DNS ASK br###people.net
- DNS ASK fl###brown.net
- DNS ASK ga####daughter.net
- DNS ASK fl###ready.net
- DNS ASK br###ready.net
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'