Техническая информация
- [HKLM\System\CurrentControlSet\Services\WMI Upgrade Remote WLAN PNRP] 'Start' = '00000002'
- [HKLM\System\CurrentControlSet\Services\WMI Upgrade Remote WLAN PNRP] 'ImagePath' = 'C:\ujxwynp\nrncaak.exe'
- 'WMI Upgrade Remote WLAN PNRP' C:\ujxwynp\nrncaak.exe
- %WINDIR%\ujxwynp\g4nwkhmmu
- C:\ujxwynp\g4nwkhmmu
- C:\ujxwynp\wtwh0n6xxiwdhwnrzha.exe
- C:\ujxwynp\nrncaak.exe
- C:\ujxwynp\ldtmyefq.exe
- C:\ujxwynp\xbikkttn
- C:\ujxwynp\nrncaak.exe
- C:\ujxwynp\ldtmyefq.exe
- %WINDIR%\ujxwynp\g4nwkhmmu
- C:\ujxwynp\wtwh0n6xxiwdhwnrzha.exe
- %WINDIR%\ujxwynp\g4nwkhmmu
- DNS ASK fa####number.net
- DNS ASK ch#####nposition.net
- DNS ASK fa####position.net
- DNS ASK ch####enstrike.net
- DNS ASK fa####strike.net
- DNS ASK ch####enpartial.net
- DNS ASK fa####partial.net
- DNS ASK ei####number.net
- 'C:\ujxwynp\wtwh0n6xxiwdhwnrzha.exe'
- 'C:\ujxwynp\nrncaak.exe'
- 'C:\ujxwynp\ldtmyefq.exe' "c:\ujxwynp\nrncaak.exe"