Техническая информация
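- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Awareness Secondary UserMode Location' = 'C:\xbvcquoi\gctdssic.exe' (автозапуск: параметр в ключе Run раздела HKLM срабатывает при входе в систему любого пользователя)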
- [<HKLM>\SYSTEM\ControlSet001\Services\Provider Trap Host Office Extender PnP-X] 'ImagePath' = 'C:\xbvcquoi\gctdssic.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Provider Trap Host Office Extender PnP-X] 'Start' = '00000002' (тип запуска 2 — служба стартует автоматически при загрузке системы)
- 'C:\xbvcquoi\wvtgssvbno.exe' "c:\xbvcquoi\gctdssic.exe"
- 'C:\xbvcquoi\gctdssic.exe'
- 'C:\xbvcquoi\mmi2yzkwtgysqbcz8.exe'
- %TEMP%\WER40d8.dir00\wvtgssvbno.exe.mdmp
- C:\xbvcquoi\gpmcxluatvq
- %TEMP%\WER40d8.dir00\wvtgssvbno.exe.hdmp
- %TEMP%\WER40d8.dir00\manifest.txt
- %TEMP%\WER40d8.dir00\appcompat.txt
- C:\xbvcquoi\qh4wxwl
- %WINDIR%\xbvcquoi\qh4wxwl
- C:\xbvcquoi\mmi2yzkwtgysqbcz8.exe
- C:\xbvcquoi\wvtgssvbno.exe
- C:\xbvcquoi\gctdssic.exe
- C:\xbvcquoi\wvtgssvbno.exe
- C:\xbvcquoi\gctdssic.exe
- C:\xbvcquoi\mmi2yzkwtgysqbcz8.exe
- %WINDIR%\xbvcquoi\qh4wxwl
- %WINDIR%\xbvcquoi\qh4wxwl
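- '18#.#39.139.100':37599 (здесь и далее символ '#', по-видимому, заменяет скрытые цифры адреса; такие записи не годятся как точные сетевые индикаторы для блокировки)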
- '86.##5.19.130':27743
- '20#.#95.172.22':41884
- '86.#8.69.58':22437
- '5.##.147.5':26337
- '95.##.58.101':23245
- '21#.#7.168.28':52231
- '2.##.19.50':35833
- '86.##.69.232':41590
- '73.##.228.84':36884
- '18#.#42.145.105':26662
- '12#.#60.123.173':36805
- '20#.#7.225.58':33073
- '79.##7.196.121':45688
- '19#.#7.134.20':44965
- '10#.#24.230.242':49777
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)