Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Encrypting Collector Logs Sharing' = '%APPDATA%\Roaming\rtqwwutjbq\nhwtxpddldqv.exe'
- '%APPDATA%\Roaming\rtqwwutjbq\motaihtslt.exe' "%APPDATA%\Roaming\rtqwwutjbq\nhwtxpddldqv.exe"
- '%APPDATA%\Roaming\rtqwwutjbq\nhwtxpddldqv.exe'
- %APPDATA%\Roaming\rtqwwutjbq\nhwtxpddldqv.htqo
- %APPDATA%\Roaming\rtqwwutjbq\motaihtslt.exe
- %APPDATA%\Roaming\rtqwwutjbq\nhwtxpddldqv.exe
- %APPDATA%\Roaming\rtqwwutjbq\nhwtxpddldqv.exe
- DNS ASK wo###guard.net
- DNS ASK sm####traight.net
- DNS ASK sm###guard.net
- DNS ASK sm###fence.net
- DNS ASK wo###fence.net
- DNS ASK dn#.##ftncsi.com
- DNS ASK wa###fence.net
- DNS ASK wo####irplane.net
- DNS ASK wo####traight.net
- DNS ASK sm####irplane.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''