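Техническая информация
Примечание: подписи подразделов в этом списке не сохранились. Судя по содержимому, ниже перечислены записи реестра (автозапуск через ключ Run и служба), запускаемые процессы, пути к файлам, сетевые адреса с портами и искомое окно. Повторяющиеся пути, вероятно, относятся к разным операциям над одними и теми же файлами.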
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Network Health Networking Builder Removal' = 'C:\gevuskd\plzhmbzctr.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Power Function Support] 'ImagePath' = 'C:\gevuskd\plzhmbzctr.exe'
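- [<HKLM>\SYSTEM\ControlSet001\Services\Power Function Support] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы; исполняемый файл тот же, что и в ключе Run выше)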
- 'C:\gevuskd\qnypbvlfrgmi.exe' "c:\gevuskd\plzhmbzctr.exe"
- 'C:\gevuskd\plzhmbzctr.exe'
- 'C:\gevuskd\dyj33btfabykdocqqz.exe'
- C:\gevuskd\plzhmbzctr.exe
- C:\gevuskd\qnypbvlfrgmi.exe
- C:\gevuskd\siunkmmd
- %WINDIR%\gevuskd\nhjeovj1bf
- C:\gevuskd\nhjeovj1bf
- C:\gevuskd\dyj33btfabykdocqqz.exe
- C:\gevuskd\qnypbvlfrgmi.exe
- C:\gevuskd\plzhmbzctr.exe
- C:\gevuskd\dyj33btfabykdocqqz.exe
- %WINDIR%\gevuskd\nhjeovj1bf
- %WINDIR%\gevuskd\nhjeovj1bf
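- '77.##8.205.139':22969 (символы «#» здесь и в адресах ниже — цифры, скрытые в исходном описании; адреса неполные и не годятся для точного сопоставления)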
- '20#.#70.58.68':37727
- '18#.#55.235.72':28122
- '2.##.167.151':22437
- '98.##.239.20':20922
- '21#.#07.110.82':26314
- '10#.#25.112.152':47507
- '84.##2.194.230':27426
- ClassName: 'Shell_TrayWnd' WindowName: ''