Техническая информация
- <SYSTEM32>\tasks\f1qha
- [HKLM\System\CurrentControlSet\Services\TCLService] 'Start' = '00000002' (значение 2 — автоматический запуск службы при старте системы)
- [HKLM\System\CurrentControlSet\Services\TCLService] 'ImagePath' = 'C:\Users\TTruespanl.sys'
- 'TCLService' C:\Users\TTruespanl.sys
- %ProgramFiles(x86)%\mcg8qi\mcg8qi.exe
- %ProgramFiles(x86)%\pgphk.dll
- %ProgramFiles(x86)%\1.gif
- %ProgramFiles(x86)%\2.jpg
- %ALLUSERSPROFILE%\destopbak.ini
- C:\users\public\downloads\installup.ini
- C:\users\ttruespanl.sys
- %ProgramFiles(x86)%\o1zvlw\o1zvlw.exe
- %ProgramFiles(x86)%\o1zvlw\sbiedll.dll
- %ProgramFiles(x86)%\o1zvlw\log.src
- %ProgramFiles(x86)%\mcg8qi\mcg8qi.exe
- %ProgramFiles(x86)%\pgphk.dll
- %ProgramFiles(x86)%\1.gif
- %ProgramFiles(x86)%\2.jpg
- %ALLUSERSPROFILE%\destopbak.ini
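- 'te####.###-cn-beijing.aliyuncs.com':443 (символы «#» здесь и ниже, по-видимому, заменяют скрытые знаки имени хоста; это не буквальное значение)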
- 'te##.#####n-hangzhou.aliyuncs.com':443
- 'm3##.#####n-hangzhou.aliyuncs.com':443
- 'te####.###-cn-beijing.aliyuncs.com':443
- 'te##.#####n-hangzhou.aliyuncs.com':443
- 'm3##.#####n-hangzhou.aliyuncs.com':443
- DNS ASK te####.###-cn-beijing.aliyuncs.com
- DNS ASK te##.#####n-hangzhou.aliyuncs.com
- DNS ASK m3##.#####n-hangzhou.aliyuncs.com
- '%ProgramFiles(x86)%\mcg8qi\mcg8qi.exe'
- '<SYSTEM32>\taskeng.exe' {03317422-D074-40AD-BAB1-5E3143B6E84B} S-1-5-21-3691498038-2086406363-2140527554-1000:bhgipiuyegef\user:Interactive:[1]
- '%ProgramFiles(x86)%\mcg8qi\mcg8qi.exe' (со скрытым окном)