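Техническая информация
Заголовки подразделов исходного отчёта в этом фрагменте не сохранились; повторы путей в списке ниже, вероятно, связаны с тем, что одни и те же файлы относились к разным подразделам.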
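Записи реестра, обеспечивающие закрепление в системе (автозапуск через ключ Run и служба с типом запуска 2 — автоматический старт):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Ordering Encrypting Volume' = 'C:\gerdypiqu\odrmqvszdxaj.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Protected Filtering Proxy Auto Procedure] 'ImagePath' = 'C:\gerdypiqu\odrmqvszdxaj.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Protected Filtering Proxy Auto Procedure] 'Start' = '00000002'
Примечание: на работающей системе ControlSet001 обычно доступен как CurrentControlSet, поэтому при проверке стоит смотреть оба пути.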
- 'C:\gerdypiqu\ttmliiaciwhn.exe' "c:\gerdypiqu\odrmqvszdxaj.exe"
- 'C:\gerdypiqu\odrmqvszdxaj.exe'
- 'C:\gerdypiqu\cuz2o8ukubiinmrxb.exe'
- C:\gerdypiqu\odrmqvszdxaj.exe
- C:\gerdypiqu\ttmliiaciwhn.exe
- C:\gerdypiqu\slukecdbg
- %WINDIR%\gerdypiqu\tlxydhslp0
- C:\gerdypiqu\tlxydhslp0
- C:\gerdypiqu\cuz2o8ukubiinmrxb.exe
- C:\gerdypiqu\ttmliiaciwhn.exe
- C:\gerdypiqu\odrmqvszdxaj.exe
- C:\gerdypiqu\cuz2o8ukubiinmrxb.exe
- %WINDIR%\gerdypiqu\tlxydhslp0
- %WINDIR%\gerdypiqu\tlxydhslp0
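Сетевые адреса в формате IP:порт. Символы «#», по-видимому, скрывают часть цифр адреса в источнике, поэтому в таком виде записи нельзя напрямую использовать в списках блокировки; для обнаружения надёжнее опираться на пути файлов и ключи реестра, перечисленные выше.
- '10#.#02.79.27':36272
- '20#.#23.152.97':27682
- '10#.#46.77.146':33927
- '20#.#93.204.80':37195
- '18#.#55.19.91':30767
- '15#.#82.245.137':33982
- '92.##7.45.207':21921
- '80.#4.199.6':49579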
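Упоминаемое в отчёте окно (Shell_TrayWnd — класс окна панели задач Windows; характер обращения к нему в этом фрагменте не указан):
- ClassName: 'Shell_TrayWnd' WindowName: ''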