Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\Config Cryptographic Connection Store] 'Start' = '00000002'
- 'C:\waehupbstefgokk\nwvuflk.exe' "c:\waehupbstefgokk\xajwgcs.exe"
- 'C:\waehupbstefgokk\xajwgcs.exe'
- 'C:\waehupbstefgokk\xr7kgzbjpe6gnef2vc.exe'
- C:\waehupbstefgokk\xajwgcs.exe
- C:\waehupbstefgokk\nwvuflk.exe
- C:\waehupbstefgokk\nwies9gmq
- %WINDIR%\waehupbstefgokk\hctyjlevo
- C:\waehupbstefgokk\hctyjlevo
- C:\waehupbstefgokk\xr7kgzbjpe6gnef2vc.exe
- C:\waehupbstefgokk\nwvuflk.exe
- C:\waehupbstefgokk\xajwgcs.exe
- C:\waehupbstefgokk\xr7kgzbjpe6gnef2vc.exe
- %WINDIR%\waehupbstefgokk\hctyjlevo
- DNS ASK br####ontain.net
- DNS ASK fl####ontain.net
- DNS ASK fl###basket.net
- DNS ASK qu####ndustry.net
- DNS ASK br###basket.net
- DNS ASK br###became.net
- DNS ASK fl####ndustry.net
- DNS ASK ga####basket.net
- DNS ASK dn#.##ftncsi.com
- DNS ASK fl###became.net
- DNS ASK br####ndustry.net
- ClassName: 'Shell_TrayWnd' WindowName: ''