Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Services Helper System SNMP Center' = 'C:\aisytssjd\gbrvogn.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\ActiveX Cache BitLocker Now] 'Start' = '00000002'
- 'C:\aisytssjd\nqmfaut.exe' "c:\aisytssjd\gbrvogn.exe"
- 'C:\aisytssjd\gbrvogn.exe'
- 'C:\aisytssjd\zt9u4otoulqemfgfj.exe'
- C:\aisytssjd\gbrvogn.exe
- C:\aisytssjd\nqmfaut.exe
- C:\aisytssjd\kglgyrvg
- %WINDIR%\aisytssjd\npuumef1t6l
- C:\aisytssjd\npuumef1t6l
- C:\aisytssjd\zt9u4otoulqemfgfj.exe
- C:\aisytssjd\nqmfaut.exe
- C:\aisytssjd\gbrvogn.exe
- C:\aisytssjd\zt9u4otoulqemfgfj.exe
- %WINDIR%\aisytssjd\npuumef1t6l
- 'cl###fence.net':80
- 'th###fence.net':80
- 'do###matter.net':80
- 'ag####tmatter.net':80
- 'th####traight.net':80
- 'cl####irplane.net':80
- 'cl###guard.net':80
- 'cl####traight.net':80
- http://cl###fence.net/index.php
- http://th###fence.net/index.php
- http://do###matter.net/index.php
- http://ag####tmatter.net/index.php
- http://th####traight.net/index.php
- http://cl####irplane.net/index.php
- http://cl###guard.net/index.php
- http://cl####traight.net/index.php
- DNS ASK cl###fence.net
- DNS ASK th###fence.net
- DNS ASK ag####tmatter.net
- DNS ASK ag####tspent.net
- DNS ASK do###matter.net
- DNS ASK th####traight.net
- DNS ASK cl####irplane.net
- DNS ASK cl####traight.net
- DNS ASK cl###guard.net
- DNS ASK th###guard.net
- ClassName: 'Shell_TrayWnd' WindowName: ''