Техническая информация
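Закрепление в системе (автозапуск): значение в ключе Run и служба с 'Start' = 2 (автоматический запуск при загрузке системы) указывают на один и тот же исполняемый файл.
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Video Modules Helper UserMode Accounts' = 'C:\hkfsurvxg\rrndacfh.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Configuration Task SNMP Backup] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Configuration Task SNMP Backup] 'ImagePath' = 'C:\hkfsurvxg\rrndacfh.exe'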
- %WINDIR%\hkfsurvxg\rdq8yv
- C:\hkfsurvxg\rdq8yv
- C:\hkfsurvxg\eyqz2oq7tqomcuqsbqdz.exe
- C:\hkfsurvxg\rrndacfh.exe
- C:\hkfsurvxg\itlzeqpvb.exe
- C:\hkfsurvxg\kfzpnnzcxy
- C:\hkfsurvxg\rrndacfh.exe
- C:\hkfsurvxg\itlzeqpvb.exe
- %WINDIR%\hkfsurvxg\rdq8yv
- C:\hkfsurvxg\eyqz2oq7tqomcuqsbqdz.exe
- %WINDIR%\hkfsurvxg\rdq8yv
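Сетевые индикаторы (по-видимому, в формате 'IP-адрес':порт). Часть цифр в адресах заменена символами '#', поэтому для точного сопоставления с журналами или для блокировки по адресу эти записи использовать нельзя.
- '10#.#02.79.27':36272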
- '19#.#6.240.249':21875
- '86.##5.19.130':27743
- '21#.#65.0.136':35711
- '95.##.58.101':23245
- '10#.#4.136.243':42581
- '81.##4.87.112':37714
- '82.##7.164.91':40801
- '62.##.253.114':51156
- '87.##.38.225':33631
- '18#.#0.243.3':25741
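Судя по формату записей (путь в кавычках, в последней строке — второй путь как аргумент), это, по-видимому, командные строки запущенных процессов:
- 'C:\hkfsurvxg\eyqz2oq7tqomcuqsbqdz.exe'
- 'C:\hkfsurvxg\rrndacfh.exe'
- 'C:\hkfsurvxg\itlzeqpvb.exe' "c:\hkfsurvxg\rrndacfh.exe"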