Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Socket Sharing Font Filtering' = 'C:\hebxozblq\gfsbeaoiqjyn.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Superfetch KtmRm AuthIP Encrypting] 'ImagePath' = 'C:\hebxozblq\gfsbeaoiqjyn.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Superfetch KtmRm AuthIP Encrypting] 'Start' = '00000002'
- 'C:\hebxozblq\kjhhinpby.exe' "c:\hebxozblq\gfsbeaoiqjyn.exe"
- 'C:\hebxozblq\gfsbeaoiqjyn.exe'
- 'C:\hebxozblq\gnx2vmgqygxssmldj.exe'
- C:\hebxozblq\gfsbeaoiqjyn.exe
- C:\hebxozblq\kjhhinpby.exe
- C:\hebxozblq\s2kyzjvkisc
- %WINDIR%\hebxozblq\k9xvmd9
- C:\hebxozblq\k9xvmd9
- C:\hebxozblq\gnx2vmgqygxssmldj.exe
- C:\hebxozblq\kjhhinpby.exe
- C:\hebxozblq\gfsbeaoiqjyn.exe
- C:\hebxozblq\gnx2vmgqygxssmldj.exe
- %WINDIR%\hebxozblq\k9xvmd9
- %WINDIR%\hebxozblq\k9xvmd9
- '73.##.228.84':36884
- '94.##1.114.138':44254
- '24.##9.216.168':33794
- '91.##.35.122':26126
- '5.##.147.5':26337
- '18#.#50.153.254':32097
- '95.##8.241.220':49038
- '17#.#50.138.208':20422
- '17#.37.2.43':44303
- '78.#7.87.58':21017
- '21#.#07.110.82':26314
- ClassName: 'Shell_TrayWnd' WindowName: ''