Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Driver TPM TP Alerts Locator Protection Shadow' = '%APPDATA%\Roaming\mcemrtdgetaboed\okquxudbfq.exe'
- '%APPDATA%\Roaming\mcemrtdgetaboed\rqfmymoraigm.exe' "%APPDATA%\Roaming\mcemrtdgetaboed\okquxudbfq.exe"
- '%APPDATA%\Roaming\mcemrtdgetaboed\okquxudbfq.exe'
- %APPDATA%\Roaming\mcemrtdgetaboed\okquxudbfq.zxkz
- %APPDATA%\Roaming\mcemrtdgetaboed\rqfmymoraigm.exe
- %APPDATA%\Roaming\mcemrtdgetaboed\okquxudbfq.exe
- %APPDATA%\Roaming\mcemrtdgetaboed\rqfmymoraigm.exe
- %APPDATA%\Roaming\mcemrtdgetaboed\okquxudbfq.exe
- DNS ASK sm###spring.net
- DNS ASK wo###spring.net
- DNS ASK wo####uccess.net
- DNS ASK wo###banker.net
- DNS ASK sm####uccess.net
- DNS ASK wa###banker.net
- DNS ASK th####tbanker.net
- DNS ASK dn#.##ftncsi.com
- DNS ASK sm###found.net
- DNS ASK wo###found.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''