Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Control\Session Manager\SubSystems] 'Windows' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3740985065' = '"%APPDATA%\Afykdoiw\ihlye.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2552896895' = '"%APPDATA%\Afykdoiw\ihlye.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '3740985065' = '"%APPDATA%\Afykdoiw\ihlye.exe"'
- %WINDIR%\Tasks\Security Center Update - 3830654339.job
- [<HKLM>\SYSTEM\ControlSet001\Services\SecurityCenterServer3830654339] 'Start' = '00000002'
- %APPDATA%\Afykdoiw\ihlye.exe -child
- %APPDATA%\Afykdoiw\ihlye.exe
- <SYSTEM32>\winsec32.exe -service "%APPDATA%\Afykdoiw\ihlye.exe"
- <SYSTEM32>\wbem\wmiadap.exe /R /T
- <SYSTEM32>\winsec32.exe
- %TEMP%\tmpa7db79ac.bat
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- %APPDATA%\Afykdoiw\ihlye.exe
- ClassName: 'Indicator' WindowName: ''