Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SPP Locator Support COM+ Power' = 'C:\kneycdt\vgskqcxot.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\CardSpace Netlogon Secure Software Telephony] 'ImagePath' = 'C:\kneycdt\vgskqcxot.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\CardSpace Netlogon Secure Software Telephony] 'Start' = '00000002'
- 'C:\kneycdt\nimjgfjwz.exe' "c:\kneycdt\vgskqcxot.exe"
- 'C:\kneycdt\vgskqcxot.exe'
- 'C:\kneycdt\pcw2fo9muremvlpraqm.exe'
- C:\kneycdt\vgskqcxot.exe
- C:\kneycdt\nimjgfjwz.exe
- C:\kneycdt\gorhahto
- %WINDIR%\kneycdt\xnmvzt0n
- C:\kneycdt\xnmvzt0n
- C:\kneycdt\pcw2fo9muremvlpraqm.exe
- C:\kneycdt\nimjgfjwz.exe
- C:\kneycdt\vgskqcxot.exe
- C:\kneycdt\pcw2fo9muremvlpraqm.exe
- %WINDIR%\kneycdt\xnmvzt0n
- %WINDIR%\kneycdt\xnmvzt0n
- '20#.#70.58.68':37727
- '93.##7.67.155':25640
- '19#.#7.134.20':44965
- '12#.#60.112.138':27440
- '2.##.156.247':35711
- '80.##1.86.158':33631
- '84.##2.194.230':27426
- '78.##5.171.93':23699
- ClassName: 'Shell_TrayWnd' WindowName: ''