Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\Source Software Modules Logon AuthIP] 'Start' = '00000002'
- 'C:\lqwgzwtfgmm\vhcyshwkpit.exe' "c:\lqwgzwtfgmm\shtuecjrl.exe"
- 'C:\lqwgzwtfgmm\shtuecjrl.exe'
- 'C:\lqwgzwtfgmm\ye7yngpdrozlletzax.exe'
- C:\lqwgzwtfgmm\shtuecjrl.exe
- C:\lqwgzwtfgmm\vhcyshwkpit.exe
- C:\lqwgzwtfgmm\z8dimlzpp
- %WINDIR%\lqwgzwtfgmm\tewbo8vr
- C:\lqwgzwtfgmm\tewbo8vr
- C:\lqwgzwtfgmm\ye7yngpdrozlletzax.exe
- C:\lqwgzwtfgmm\vhcyshwkpit.exe
- C:\lqwgzwtfgmm\shtuecjrl.exe
- C:\lqwgzwtfgmm\ye7yngpdrozlletzax.exe
- %WINDIR%\lqwgzwtfgmm\tewbo8vr
- DNS ASK wi####therefore.net
- DNS ASK su####question.net
- DNS ASK su####therefore.net
- DNS ASK th####hschool.net
- DNS ASK ef####school.net
- DNS ASK wi####question.net
- DNS ASK su####school.net
- DNS ASK wi####school.net
- DNS ASK dn#.##ftncsi.com
- DNS ASK su###rwhile.net
- DNS ASK wi###nwhile.net
- ClassName: 'Shell_TrayWnd' WindowName: ''