Technical information
- [<HKLM>\SYSTEM\ControlSet001\services\Detection Counter NGEN WinHTTP Volume Server] 'Start' = '00000002'
- ClassName: 'Shell_TrayWnd' WindowName: ''