Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\Telephony Themes Task CardSpace Now] 'Start' = '00000002'
- 'C:\cnazntjztbow\xlupgmoyox.exe' "c:\cnazntjztbow\vttttfh.exe"
- 'C:\cnazntjztbow\vttttfh.exe'
- 'C:\cnazntjztbow\ek8bocydh6wll4.exe'
- '<SYSTEM32>\wermgr.exe' "-queuereporting_svc" "C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_vttttfh.exe_6bd7f9a7ff6e487f89730663da7d06dc058c94_cab_17d63487"
- C:\cnazntjztbow\vttttfh.exe
- C:\cnazntjztbow\xlupgmoyox.exe
- C:\cnazntjztbow\ywvxjjipws5
- %WINDIR%\cnazntjztbow\uqxwdoxym1
- C:\cnazntjztbow\uqxwdoxym1
- C:\cnazntjztbow\ek8bocydh6wll4.exe
- C:\cnazntjztbow\xlupgmoyox.exe
- C:\cnazntjztbow\vttttfh.exe
- C:\cnazntjztbow\ek8bocydh6wll4.exe
- %WINDIR%\cnazntjztbow\uqxwdoxym1
- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_vttttfh.exe_6bd7f9a7ff6e487f89730663da7d06dc058c94_cab_17d63487\Report.wer.tmp в C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_vttttfh.exe_6bd7f9a7ff6e487f89730663da7d06dc058c94_cab_17d63487\Report.wer
- DNS ASK ag####tmaster.net
- DNS ASK do####ontinue.net
- DNS ASK ag####twonder.net
- DNS ASK do###master.net
- DNS ASK ag####tcontinue.net
- DNS ASK qu###caught.net
- DNS ASK se####president.net
- DNS ASK se####caught.net
- DNS ASK dn#.##ftncsi.com
- ClassName: 'Shell_TrayWnd' WindowName: ''