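Техническая информация
Ниже перечислены наблюдаемые артефакты; заголовки разделов в этом фрагменте отсутствуют. Список включает запись автозапуска в реестре (ветка Run), пути к файлам и системным процессам, сетевые обращения и классы окон. По самому списку нельзя определить, к какому действию относится каждый из повторяющихся путей. Символы '#' в имени домена и в URL, по-видимому, являются маскировкой в источнике, поэтому эти значения не следует использовать как точные индикаторы.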
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'nnyvvnju' = '%TEMP%\Nuqsfnayop\fopybavnju.exe'
- %TEMP%\svozyhpdbp.pre
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\ctfmon.exe
- <SYSTEM32>\svchost.exe
- %TEMP%\Nuqsfnayop\fopybavnju.exe
- %TEMP%\svozyhpdbp.pre
- %TEMP%\Nuqsfnayop\fopybavnju.exe
- %TEMP%\svozyhpdbp.pre
- 'pr####tomash.com':80
- pr####tomash.com/UTP402HEAD.php?lt#################################################################################
- DNS ASK pr####tomash.com
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''