Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\Encrypting Computer Visual Parental Policy] 'Start' = '00000002'
- 'C:\lzocoiyocxa\elgodilhk.exe' "c:\lzocoiyocxa\qeqgneypt.exe"
- 'C:\lzocoiyocxa\qeqgneypt.exe'
- 'C:\lzocoiyocxa\z108t85c4zhhegwsu.exe'
- C:\lzocoiyocxa\qeqgneypt.exe
- C:\lzocoiyocxa\elgodilhk.exe
- C:\lzocoiyocxa\adx4yog2o7
- %WINDIR%\lzocoiyocxa\ec8xmdpr4ie
- C:\lzocoiyocxa\ec8xmdpr4ie
- C:\lzocoiyocxa\z108t85c4zhhegwsu.exe
- C:\lzocoiyocxa\elgodilhk.exe
- C:\lzocoiyocxa\qeqgneypt.exe
- C:\lzocoiyocxa\z108t85c4zhhegwsu.exe
- %WINDIR%\lzocoiyocxa\ec8xmdpr4ie
- DNS ASK he####opinion.net
- DNS ASK le####opinion.net
- DNS ASK le####promise.net
- DNS ASK he###should.net
- DNS ASK he####promise.net
- DNS ASK he###nshort.net
- DNS ASK le####should.net
- DNS ASK re####epromise.net
- DNS ASK dn#.##ftncsi.com
- DNS ASK le###rshort.net
- DNS ASK he####should.net
- ClassName: 'Shell_TrayWnd' WindowName: ''