Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Tablet Portable Security KtmRm Function' = 'C:\jehwvwuifbwkh\dvsynukko.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Window RPC Source Remote Process Hardware] 'ImagePath' = 'C:\jehwvwuifbwkh\dvsynukko.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Window RPC Source Remote Process Hardware] 'Start' = '00000002'
- 'C:\jehwvwuifbwkh\rotdvhrnjtg.exe' "c:\jehwvwuifbwkh\dvsynukko.exe"
- 'C:\jehwvwuifbwkh\dvsynukko.exe'
- 'C:\jehwvwuifbwkh\oaj2v3dl0yb7otei.exe'
- C:\jehwvwuifbwkh\dvsynukko.exe
- C:\jehwvwuifbwkh\rotdvhrnjtg.exe
- C:\jehwvwuifbwkh\zbfkkjozfci
- %WINDIR%\jehwvwuifbwkh\lxblmixym
- C:\jehwvwuifbwkh\lxblmixym
- C:\jehwvwuifbwkh\oaj2v3dl0yb7otei.exe
- C:\jehwvwuifbwkh\rotdvhrnjtg.exe
- C:\jehwvwuifbwkh\dvsynukko.exe
- C:\jehwvwuifbwkh\oaj2v3dl0yb7otei.exe
- %WINDIR%\jehwvwuifbwkh\lxblmixym
- %WINDIR%\jehwvwuifbwkh\lxblmixym
- '18#.#38.249.34':37331
- '10#.#29.186.201':47507
- '18#.#39.139.100':37599
- '2.##.19.50':35833
- '10#.#4.136.243':42581
- '18#.#23.70.113':37727
- '81.##7.50.99':52074
- '94.##1.114.138':44254
- '78.##5.171.93':23699
- '5.##.19.242':27426
- '22#.#1.110.45':48008
- '21#.#7.168.28':52231
- '17#.#50.138.208':20422
- ClassName: 'Shell_TrayWnd' WindowName: ''