Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'KtmRm AuthIP Level WebClient Intelligent System' = '%APPDATA%\Roaming\jrl1w1kr\evqryz.exe'
- '%APPDATA%\Roaming\jrl1w1kr\fecdhygs.exe' "%APPDATA%\Roaming\jrl1w1kr\evqryz.exe"
- '%APPDATA%\Roaming\jrl1w1kr\evqryz.exe'
- %APPDATA%\Roaming\jrl1w1kr\evqryz.lf
- %APPDATA%\Roaming\jrl1w1kr\fecdhygs.exe
- %APPDATA%\Roaming\jrl1w1kr\evqryz.exe
- %APPDATA%\Roaming\jrl1w1kr\evqryz.exe
- DNS ASK de####nation.net
- DNS ASK re####daughter.net
- DNS ASK fo####dnation.net
- DNS ASK fo####dsoldier.net
- DNS ASK de####soldier.net
- DNS ASK va####sdaughter.net
- DNS ASK re###nbrown.net
- DNS ASK va####sbrown.net
- DNS ASK dn#.##ftncsi.com
- DNS ASK re####people.net
- DNS ASK va####speople.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''