Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\Logs Collector Presentation Class Internet] 'Start' = '00000002'
- 'C:\mtfrtirth\ycrvphlz.exe' "c:\mtfrtirth\iofwdaabgn.exe"
- 'C:\mtfrtirth\iofwdaabgn.exe'
- 'C:\mtfrtirth\xpg5k8062huxngqjgtw1.exe'
- '<SYSTEM32>\wermgr.exe' "-queuereporting_svc" "C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_iofwdaabgn.exe_9c84fb1acb7e9e6c9916e6b2e4ae55ec74421a_cab_18860d77"
- C:\mtfrtirth\iofwdaabgn.exe
- C:\mtfrtirth\ycrvphlz.exe
- C:\mtfrtirth\ihswqj
- %WINDIR%\mtfrtirth\vmwg5g
- C:\mtfrtirth\vmwg5g
- C:\mtfrtirth\xpg5k8062huxngqjgtw1.exe
- C:\mtfrtirth\ycrvphlz.exe
- C:\mtfrtirth\iofwdaabgn.exe
- C:\mtfrtirth\xpg5k8062huxngqjgtw1.exe
- %WINDIR%\mtfrtirth\vmwg5g
- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_iofwdaabgn.exe_9c84fb1acb7e9e6c9916e6b2e4ae55ec74421a_cab_18860d77\Report.wer.tmp в C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_iofwdaabgn.exe_9c84fb1acb7e9e6c9916e6b2e4ae55ec74421a_cab_18860d77\Report.wer
- DNS ASK do###paint.net
- DNS ASK ag####tpaint.net
- DNS ASK do###course.net
- DNS ASK ag####tcourse.net
- DNS ASK dn#.##ftncsi.com
- DNS ASK cl###dress.net
- DNS ASK do###clean.net
- DNS ASK ag####tclean.net
- ClassName: 'Shell_TrayWnd' WindowName: ''