Technical Information
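Persistence (a Run autorun value and a Windows service whose 'Start' value of 2 means automatic start at boot, both pointing at the same executable):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Backup Identity Web Player' = 'C:\frikuzpxp\hfncgsk.exe'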
- [<HKLM>\SYSTEM\ControlSet001\Services\Gateway Link-Layer Process Engine] 'ImagePath' = 'C:\frikuzpxp\hfncgsk.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Gateway Link-Layer Process Engine] 'Start' = '00000002'
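Command lines (the section heading is missing from this copy; these are presumably the processes the sample starts):
- 'C:\frikuzpxp\ngmgndxrtid.exe' "c:\frikuzpxp\hfncgsk.exe"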
- 'C:\frikuzpxp\hfncgsk.exe'
- 'C:\frikuzpxp\wun2omqqltqb4snbn.exe'
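File system paths (the sub-headings that separated these lists are missing from this copy, so the action applied to each path, e.g. created, hidden or deleted, cannot be determined here; the directory and file names look randomly generated and may differ between samples):
- C:\frikuzpxp\hfncgsk.exe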
- C:\frikuzpxp\ngmgndxrtid.exe
- C:\frikuzpxp\yaqr82rkx
- %WINDIR%\frikuzpxp\vfbdnm
- C:\frikuzpxp\vfbdnm
- C:\frikuzpxp\wun2omqqltqb4snbn.exe
- C:\frikuzpxp\ngmgndxrtid.exe
- C:\frikuzpxp\hfncgsk.exe
- C:\frikuzpxp\wun2omqqltqb4snbn.exe
- %WINDIR%\frikuzpxp\vfbdnm
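Network endpoints (IP address:port; the '#' characters stand in for digits withheld in the source, so these addresses are incomplete and cannot be matched as exact indicators):
- '10#.#2.195.20':39160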
- '18#.#45.182.189':37331
- '22#.#1.110.45':48008
- '19#.#7.134.20':44965
- '5.##.147.158':23144
- '12#.#60.112.138':27440
- '19#.74.51.3':32904
- '79.##5.10.236':21201
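Window referenced (the section heading is missing from this copy; 'Shell_TrayWnd' is the window class of the Windows taskbar):
- ClassName: 'Shell_TrayWnd' WindowName: ''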