Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\AutoConnect SPP Topology Secure Font Tunneling] 'Start' = '00000002'
- 'C:\jymbyxr\lnydppw.exe' "c:\jymbyxr\qebrynz.exe"
- 'C:\jymbyxr\qebrynz.exe'
- 'C:\jymbyxr\maxv6ux0ia5xexdkdo.exe'
- C:\jymbyxr\qebrynz.exe
- C:\jymbyxr\lnydppw.exe
- C:\jymbyxr\ofgpar7wjaz
- %WINDIR%\jymbyxr\knipedd0
- C:\jymbyxr\knipedd0
- C:\jymbyxr\maxv6ux0ia5xexdkdo.exe
- C:\jymbyxr\lnydppw.exe
- C:\jymbyxr\qebrynz.exe
- C:\jymbyxr\maxv6ux0ia5xexdkdo.exe
- %WINDIR%\jymbyxr\knipedd0
- DNS ASK wo###enough.net
- DNS ASK sm###needle.net
- DNS ASK sm###enough.net
- DNS ASK sm###govern.net
- DNS ASK wo###govern.net
- DNS ASK dn#.##ftncsi.com
- DNS ASK wa###govern.net
- DNS ASK wo###nature.net
- DNS ASK wo###needle.net
- DNS ASK sm###nature.net
- ClassName: 'Shell_TrayWnd' WindowName: ''