Техническая информация
Закрепление в системе (автозапуск): значение в ключе Run и служба с типом запуска Start = 2 (автоматический) указывают на один и тот же файл:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SPP Services Virtual Security' = 'C:\ivhrpzgnpbv\eqsbxfwawg.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Detection Topology Controls] 'ImagePath' = 'C:\ivhrpzgnpbv\eqsbxfwawg.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Detection Topology Controls] 'Start' = '00000002'
Командные строки процессов (судя по формату записей — программы, запускаемые образцом):
- 'C:\ivhrpzgnpbv\iqwjibfwbjys.exe' "c:\ivhrpzgnpbv\eqsbxfwawg.exe"
- 'C:\ivhrpzgnpbv\eqsbxfwawg.exe'
- 'C:\ivhrpzgnpbv\vwff3d7ackdszkrs17s.exe'
Пути в файловой системе, затронутые образцом (подзаголовки с типом операции в этой копии не сохранились, поэтому одни и те же пути повторяются):
- C:\ivhrpzgnpbv\eqsbxfwawg.exe
- C:\ivhrpzgnpbv\iqwjibfwbjys.exe
- C:\ivhrpzgnpbv\aejn7ldjv
- %WINDIR%\ivhrpzgnpbv\pxbnri
- C:\ivhrpzgnpbv\pxbnri
- C:\ivhrpzgnpbv\vwff3d7ackdszkrs17s.exe
- C:\ivhrpzgnpbv\iqwjibfwbjys.exe
- C:\ivhrpzgnpbv\eqsbxfwawg.exe
- C:\ivhrpzgnpbv\vwff3d7ackdszkrs17s.exe
- %WINDIR%\ivhrpzgnpbv\pxbnri
- %WINDIR%\ivhrpzgnpbv\pxbnri
Сетевые подключения (узел:порт; часть имени узла скрыта символами ####):
- 'se####instead.net':80
- 'la####nstead.net':80
- 'se####lappear.net':80
- 'ma####alappear.net':80
HTTP-запросы:
- http://se####instead.net/index.php
- http://la####nstead.net/index.php
- http://se####lappear.net/index.php
- http://ma####alappear.net/index.php
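DNS-запросы (se####explain.net встречается только в этом списке; среди подключений и HTTP-запросов этого узла нет):
- DNS ASK la####nstead.net
- DNS ASK se####explain.net
- DNS ASK se####instead.net
- DNS ASK se####lappear.net
- DNS ASK ma####alappear.net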
Окна (по-видимому, разыскиваемые образцом; Shell_TrayWnd — класс окна панели задач Windows):
- ClassName: 'Shell_TrayWnd' WindowName: ''