Техническая информация
Автозапуск (ключ реестра Run и папка автозагрузки):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Workstation Panel DCOM User-mode' = '<SYSTEM32>\tkowbmzhohk.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\tkowbmzhohk.exe
По-видимому, запускаемые процессы (путь к исполняемому файлу и аргументы командной строки):
- '<SYSTEM32>\qwfbqjfyty.exe' "<SYSTEM32>\tkowbmzhohk.exe"
- '<SYSTEM32>\tkowbmzhohk.exe'
- '%TEMP%\djdrvxj48zdthxwfwqmuyv.exe'
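Файловая активность (заголовки подразделов в этой копии не сохранились; одни и те же пути повторяются ниже — вероятно, они относятся к спискам разных операций над файлами):
- <SYSTEM32>\xhizrmcfdyk\rng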
- <SYSTEM32>\qwfbqjfyty.exe
- <SYSTEM32>\xhizrmcfdyk\cfg
- <SYSTEM32>\xhizrmcfdyk\run
- <SYSTEM32>\tkowbmzhohk.exe
- %TEMP%\djdrvxj48zdthxwfwqmuyv.exe
- <SYSTEM32>\xhizrmcfdyk\tst
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\user.js
- <SYSTEM32>\qwfbqjfyty.exe
- <SYSTEM32>\tkowbmzhohk.exe
- %TEMP%\djdrvxj48zdthxwfwqmuyv.exe
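Сетевая активность — DNS-запросы (символы «#», по-видимому, скрывают часть доменного имени, поэтому для точного сопоставления с журналами DNS эти записи непригодны):
- DNS ASK sp###aguga.net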
- DNS ASK oi###agyta.net
- DNS ASK el#####arimagine.com
- DNS ASK go#####everytime.net
- DNS ASK ma######elemelefresh.net
- DNS ASK pu#####vibrations.net
- DNS ASK pu#####vibrations.com
- DNS ASK sp###aguga.com
- DNS ASK oi###agyta.com
- DNS ASK ja###uter.com
- DNS ASK go#####everytime.com
- DNS ASK ma######elemelefresh.com
Обращение к окну по имени класса (Shell_TrayWnd — класс окна панели задач Windows):
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'