Техническая информация
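- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Cryptographic Agent User Trap Endpoint' = 'C:\svxqytwy\tofucwnyha.exe' (параметр в ключе Run раздела HKLM: указанный файл запускается при входе в систему любого пользователя; имя параметра, по-видимому, подобрано похожим на системное, поэтому при проверке автозапуска стоит смотреть на путь к файлу, а не на имя параметра)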
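- [<HKLM>\SYSTEM\ControlSet001\Services\Tablet Redirector Auto Panel DNS] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы; запись относится к набору ControlSet001, поэтому при проверке стоит сверить и CurrentControlSet)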
- 'C:\svxqytwy\wmxuplomtwsv.exe' "c:\svxqytwy\tofucwnyha.exe"
- 'C:\svxqytwy\tofucwnyha.exe'
- 'C:\svxqytwy\vgjoy5adqyunzlylu.exe'
- C:\svxqytwy\tofucwnyha.exe
- C:\svxqytwy\wmxuplomtwsv.exe
- C:\svxqytwy\sykshzvtf
- %WINDIR%\svxqytwy\j8b5ggo
- C:\svxqytwy\j8b5ggo
- C:\svxqytwy\vgjoy5adqyunzlylu.exe
- C:\svxqytwy\wmxuplomtwsv.exe
- C:\svxqytwy\tofucwnyha.exe
- C:\svxqytwy\vgjoy5adqyunzlylu.exe
- %WINDIR%\svxqytwy\j8b5ggo
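- 'gl###nearly.net':80 (символы «#» здесь и в записях ниже, по-видимому, скрывают часть имени домена в исходном отчёте; в таком виде имена непригодны для точного сопоставления в списках блокировки и правилах обнаружения)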
- 'an####happen.net':80
- 'an####nearly.net':80
- 'de###eshare.net':80
- 'fo####dshare.net':80
- http://gl###nearly.net/index.php
- http://an####happen.net/index.php
- http://an####nearly.net/index.php
- http://de###eshare.net/index.php
- http://fo####dshare.net/index.php
- DNS ASK an####happen.net
- DNS ASK gl###happen.net
- DNS ASK an###rshake.net
- DNS ASK gl###nearly.net
- DNS ASK de###eshare.net
- DNS ASK fo####dshare.net
- DNS ASK an####nearly.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)