Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Computer Process Now Filtering TCP/IP' = 'C:\djgtvoqqgkrtv\yiuplqb.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Telephony Encryption Link-Layer Application] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Telephony Encryption Link-Layer Application] 'ImagePath' = 'C:\djgtvoqqgkrtv\yiuplqb.exe'
- %WINDIR%\djgtvoqqgkrtv\txgb6tp4ukr
- C:\djgtvoqqgkrtv\txgb6tp4ukr
- C:\djgtvoqqgkrtv\pu2zudzkupwqtbi.exe
- C:\djgtvoqqgkrtv\yiuplqb.exe
- C:\djgtvoqqgkrtv\asylooinetr.exe
- C:\djgtvoqqgkrtv\bucpjdyizd
- C:\djgtvoqqgkrtv\yiuplqb.exe
- C:\djgtvoqqgkrtv\asylooinetr.exe
- %WINDIR%\djgtvoqqgkrtv\txgb6tp4ukr
- C:\djgtvoqqgkrtv\pu2zudzkupwqtbi.exe
- %WINDIR%\djgtvoqqgkrtv\txgb6tp4ukr
- '18#.#22.43.28':46084
- '18#.#31.193.123':28122
- '19#.#7.134.20':44965
- '21#.#65.0.136':35711
- '18#.#0.243.3':25741
- '86.##5.19.130':27743
- '77.##7.13.68':30018
- '5.##.19.242':27426
- '18#.#23.70.113':37727
- '41.##2.44.224':45860
- 'C:\djgtvoqqgkrtv\pu2zudzkupwqtbi.exe'
- 'C:\djgtvoqqgkrtv\yiuplqb.exe'
- 'C:\djgtvoqqgkrtv\asylooinetr.exe' "c:\djgtvoqqgkrtv\yiuplqb.exe"