Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\Windows Interactive Credential Web] 'Start' = '00000002' (значение 2 — служба запускается автоматически при загрузке системы)
- [<HKLM>\System\CurrentControlSet\Services\Windows Interactive Credential Web] 'ImagePath' = 'C:\gzlthwbwdkqr\gjwcytswa.exe'
- 'Windows Interactive Credential Web' C:\gzlthwbwdkqr\gjwcytswa.exe
- %WINDIR%\gzlthwbwdkqr\pansnqouvby
- C:\gzlthwbwdkqr\pansnqouvby
- C:\gzlthwbwdkqr\jstwoxrxicnbq8j1.exe
- C:\gzlthwbwdkqr\gjwcytswa.exe
- C:\gzlthwbwdkqr\lorwotxdwdp.exe
- C:\gzlthwbwdkqr\cshuuc
- C:\gzlthwbwdkqr\gjwcytswa.exe
- C:\gzlthwbwdkqr\lorwotxdwdp.exe
- %WINDIR%\gzlthwbwdkqr\pansnqouvby
- C:\gzlthwbwdkqr\jstwoxrxicnbq8j1.exe
- %WINDIR%\gzlthwbwdkqr\pansnqouvby
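Сетевые адреса в формате IP:порт (символами '#' в источнике, по-видимому, скрыта часть цифр адреса, поэтому как точные индикаторы эти записи использовать нельзя):
- '11#.#18.187.28':42065
- '20#.#36.131.186':52293
- '18#.#23.70.113':37727
- '20#.#23.152.97':27682
- '70.##2.38.96':41500
- '18#.#31.193.123':28122
- '15#.#82.245.137':33982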
- 'C:\gzlthwbwdkqr\jstwoxrxicnbq8j1.exe'
- 'C:\gzlthwbwdkqr\gjwcytswa.exe'
- 'C:\gzlthwbwdkqr\lorwotxdwdp.exe' "c:\gzlthwbwdkqr\gjwcytswa.exe"