Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\Image Performance Encryption Store] 'Start' = '00000002'
- 'C:\lfvxbnt\idwybmxsod.exe' "c:\lfvxbnt\gslfguh.exe"
- 'C:\lfvxbnt\gslfguh.exe'
- 'C:\lfvxbnt\brmzi7cjyyporrtsljfb.exe'
- C:\lfvxbnt\gslfguh.exe
- C:\lfvxbnt\idwybmxsod.exe
- C:\lfvxbnt\txkrssr7b
- %WINDIR%\lfvxbnt\xb2hksdpr
- C:\lfvxbnt\xb2hksdpr
- C:\lfvxbnt\brmzi7cjyyporrtsljfb.exe
- C:\lfvxbnt\idwybmxsod.exe
- C:\lfvxbnt\gslfguh.exe
- C:\lfvxbnt\brmzi7cjyyporrtsljfb.exe
- %WINDIR%\lfvxbnt\xb2hksdpr
- DNS ASK we####rvalue.net
- DNS ASK am###tvalue.net
- DNS ASK th###almost.net
- DNS ASK th###reason.net
- DNS ASK cl###almost.net
- DNS ASK we####rreason.net
- DNS ASK am####reason.net
- DNS ASK dn#.##ftncsi.com
- DNS ASK we####rorderly.net
- DNS ASK am####orderly.net
- ClassName: 'Shell_TrayWnd' WindowName: ''