Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\Superfetch Shadow Policy DLL Internet] 'Start' = '00000002'
- 'C:\pexetxxqof\uhmpncrkfbl.exe' "c:\pexetxxqof\xqipkjlsfns.exe"
- 'C:\pexetxxqof\xqipkjlsfns.exe'
- 'C:\pexetxxqof\b7gk8endkbbybjoyo.exe'
- C:\pexetxxqof\xqipkjlsfns.exe
- C:\pexetxxqof\uhmpncrkfbl.exe
- C:\pexetxxqof\cnngshhd6
- %WINDIR%\pexetxxqof\aamflv
- C:\pexetxxqof\aamflv
- C:\pexetxxqof\b7gk8endkbbybjoyo.exe
- C:\pexetxxqof\uhmpncrkfbl.exe
- C:\pexetxxqof\xqipkjlsfns.exe
- C:\pexetxxqof\b7gk8endkbbybjoyo.exe
- %WINDIR%\pexetxxqof\aamflv
- DNS ASK le####spring.net
- DNS ASK he###nfound.net
- DNS ASK he####spring.net
- DNS ASK he####success.net
- DNS ASK le####success.net
- DNS ASK le###rfound.net
- DNS ASK re####esuccess.net
- DNS ASK or####uccess.net
- DNS ASK dn#.##ftncsi.com
- DNS ASK re####ebanker.net
- DNS ASK or###banker.net
- ClassName: 'Shell_TrayWnd' WindowName: ''