Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\dxtmsft] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\dxtmsft] 'ImagePath' = '"%WINDIR%\SysWOW64\dxtmsft\dxtmsft.exe"'
- 'dxtmsft' "%WINDIR%\SysWOW64\dxtmsft\dxtmsft.exe"
- 'dxtmsft' %WINDIR%\SysWOW64\dxtmsft\dxtmsft.exe
- из <Полный путь к файлу> в %WINDIR%\syswow64\dxtmsft\dxtmsft.exe
- '20#.#19.11.118':443
- '10#.#3.81.141':8080
- '19#.#29.148.144':80
- http://19#.#29.148.144/nmWYCyAgu3ANLsFJOL3/GfKq3iKrFdUG7dUSwJ/fvrbWTmADPnARH/Ija5Y2GECM7r0xWGOi/yJU4xisnatiqmlhUeY/3JHkysJLR4OBdYB0/