Техническая информация
Автозапуск (значение в ключе реестра Run текущего пользователя):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'PNRP Disk Update Media Engine Store Agent Health' = '%APPDATA%\jtfckms\qsqjabmuieel.exe'
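Запуск процессов (командные строки; wmiadap.exe из <SYSTEM32> — штатный компонент WMI и сам по себе индикатором не является):
- '%APPDATA%\jtfckms\citquwrb.exe' "%APPDATA%\jtfckms\qsqjabmuieel.exe"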
- '%APPDATA%\jtfckms\qsqjabmuieel.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
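Файлы (тип операции — создание, изменение атрибутов или удаление — в этом фрагменте не указан; повторы путей, вероятно, относятся к разным операциям):
- %APPDATA%\jtfckms\qsqjabmuieel.xhh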
- %APPDATA%\jtfckms\citquwrb.exe
- %APPDATA%\jtfckms\qsqjabmuieel.exe
- %APPDATA%\jtfckms\citquwrb.exe
- %APPDATA%\jtfckms\qsqjabmuieel.exe
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
Сетевые подключения (хост:порт; часть символов в именах заменена на #):
- 'ch####ensupply.net':80
- 'fa####supply.net':80
- 'ci####ttearrive.net':80
- 'ci####ttesupply.net':80
- 'pi####earrive.net':80
HTTP-запросы (URL; значение параметра заменено на #):
- ch####ensupply.net/forum/search.php?em################################
- fa####supply.net/forum/search.php?em################################
- ci####ttearrive.net/forum/search.php?em################################
- ci####ttesupply.net/forum/search.php?em################################
- pi####earrive.net/forum/search.php?em################################
DNS-запросы:
- DNS ASK ci####ttearrive.net
- DNS ASK pi####earrive.net
- DNS ASK ch####ensupply.net
- DNS ASK ch#####ndistance.net
- DNS ASK fa####supply.net
- DNS ASK pi####edistance.net
- DNS ASK ci####ttesupply.net
- DNS ASK ci#####tedistance.net
- DNS ASK ci####tteoffice.net
- DNS ASK pi####eoffice.net
Окна (по имени класса):
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''