Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Socket Location Identity Accounts' = '%APPDATA%\Roaming\ifdctltjvrupn\uwcdwpvun.exe'
- '%APPDATA%\Roaming\ifdctltjvrupn\oedgbpzvn.exe' "%APPDATA%\Roaming\ifdctltjvrupn\uwcdwpvun.exe"
- '%APPDATA%\Roaming\ifdctltjvrupn\uwcdwpvun.exe'
- %APPDATA%\Roaming\ifdctltjvrupn\uwcdwpvun.ado
- %APPDATA%\Roaming\ifdctltjvrupn\oedgbpzvn.exe
- %APPDATA%\Roaming\ifdctltjvrupn\uwcdwpvun.exe
- %APPDATA%\Roaming\ifdctltjvrupn\uwcdwpvun.exe
- DNS ASK be####echoose.net
- DNS ASK ex####choose.net
- DNS ASK ex####although.net
- DNS ASK ex####period.net
- DNS ASK be####ealthough.net
- DNS ASK en####hthrown.net
- DNS ASK ei###rstorm.net
- DNS ASK en####htraining.net
- DNS ASK dn#.##ftncsi.com
- DNS ASK ei####thrown.net
- DNS ASK en####hstorm.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''