Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Wired Parental Volume Input Shadow' = 'C:\iotbvoeggf\byhqtfa.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Firewall Proxy Plug Biometric] 'ImagePath' = 'C:\iotbvoeggf\byhqtfa.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Firewall Proxy Plug Biometric] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- 'C:\iotbvoeggf\dnixaxsoznnh.exe' "c:\iotbvoeggf\byhqtfa.exe"
- 'C:\iotbvoeggf\byhqtfa.exe'
- 'C:\iotbvoeggf\icp2gc4yejmmu5kvlecf.exe'
- C:\iotbvoeggf\byhqtfa.exe
- C:\iotbvoeggf\dnixaxsoznnh.exe
- C:\iotbvoeggf\yikkbvhmabq
- %WINDIR%\iotbvoeggf\bwqme0dhho11
- C:\iotbvoeggf\bwqme0dhho11
- C:\iotbvoeggf\icp2gc4yejmmu5kvlecf.exe
- C:\iotbvoeggf\dnixaxsoznnh.exe
- C:\iotbvoeggf\byhqtfa.exe
- C:\iotbvoeggf\icp2gc4yejmmu5kvlecf.exe
- %WINDIR%\iotbvoeggf\bwqme0dhho11
- %WINDIR%\iotbvoeggf\bwqme0dhho11
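- '2.##.19.50':35833 (символы «#» в адресах здесь и ниже, по-видимому, заменяют цифры, скрытые при публикации; такие записи годятся для сопоставления только как шаблон, а не как точный адрес)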
- '71.##2.212.226':26466
- '77.##.186.45':43519
- '24.##9.216.168':33794
- '72.#9.59.91':23362
- '18#.#42.107.86':26662
- '81.##4.87.112':37714
- '20#.#71.22.221':32994
- ClassName: 'Shell_TrayWnd' WindowName: ''