Техническая информация
Записи реестра, обеспечивающие автозапуск (ключ Run и служба со значением 'Start' = 2, то есть с автоматическим запуском при загрузке системы):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Backup Protection Encrypting' = 'C:\ijtnkekoccjapqo\yzssniqpodsj.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Endpoint Certificate Filtering Wired Program] 'ImagePath' = 'C:\ijtnkekoccjapqo\yzssniqpodsj.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Endpoint Certificate Filtering Wired Program] 'Start' = '00000002'
- 'C:\ijtnkekoccjapqo\ckpmwkrjp.exe' "c:\ijtnkekoccjapqo\yzssniqpodsj.exe"
- 'C:\ijtnkekoccjapqo\yzssniqpodsj.exe'
- 'C:\ijtnkekoccjapqo\lnere4opsctvrcywf.exe'
- C:\ijtnkekoccjapqo\yzssniqpodsj.exe
- C:\ijtnkekoccjapqo\ckpmwkrjp.exe
- C:\ijtnkekoccjapqo\cbdtvvd
- %WINDIR%\ijtnkekoccjapqo\j1tahmtx
- C:\ijtnkekoccjapqo\j1tahmtx
- C:\ijtnkekoccjapqo\lnere4opsctvrcywf.exe
- C:\ijtnkekoccjapqo\ckpmwkrjp.exe
- C:\ijtnkekoccjapqo\yzssniqpodsj.exe
- C:\ijtnkekoccjapqo\lnere4opsctvrcywf.exe
- %WINDIR%\ijtnkekoccjapqo\j1tahmtx
- %WINDIR%\ijtnkekoccjapqo\j1tahmtx
Сетевые адреса в формате IP:порт (часть цифр в адресах заменена символом «#»):
- '41.##.10.183':48405
- '98.##.223.221':20922
- '93.##7.67.155':25640
- '78.##5.171.93':23699
- '12#.#60.123.173':36805
- '95.##8.241.220':49038
- '10#.#24.230.242':49777
- '18#.#38.249.34':37331
- '24.##9.216.168':33794
- ClassName: 'Shell_TrayWnd' WindowName: ''