Техническая информация
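- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Tracking Encryption Layer Storage' = '<SYSTEM32>\kfurvnrxclam.exe' (закрепление в системе: параметр в ключе Run запускает указанный файл при каждом входе пользователя)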
- [<HKLM>\SYSTEM\ControlSet001\Services\Upgrade Error COM Helper] 'Start' = '00000002' (значение 2 — служба запускается автоматически при загрузке системы)
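- Центр обеспечения безопасности (Security Center) — системная служба Windows; заголовок раздела в источнике утрачен, вероятно, здесь указана служба, работу которой нарушает образец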
- '<SYSTEM32>\usvzheyvjhd.exe' "<SYSTEM32>\kfurvnrxclam.exe"
- '%WINDIR%\Temp\tbpbr8jx2twea0.exe' -r 23999 tcp
- '%TEMP%\tbpbr8jx2ou4a0ozs7lzng.exe'
- '<SYSTEM32>\kfurvnrxclam.exe'
- <SYSTEM32>\oiheaeof\run
- <SYSTEM32>\oiheaeof\rng
- %WINDIR%\Temp\tbpbr8jx2twea0.exe
- <SYSTEM32>\oiheaeof\cfg
- <SYSTEM32>\usvzheyvjhd.exe
- %TEMP%\tbpbr8jx2ou4a0ozs7lzng.exe
- <SYSTEM32>\oiheaeof\tst
- <SYSTEM32>\kfurvnrxclam.exe
- <SYSTEM32>\oiheaeof\etc
- <SYSTEM32>\usvzheyvjhd.exe
- <SYSTEM32>\kfurvnrxclam.exe
- %WINDIR%\Temp\tbpbr8jx2twea0.exe
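- <DRIVERS>\etc\hosts (системный файл hosts; характер операции в источнике не указан — при расследовании стоит сверить его содержимое с эталонным)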
- %TEMP%\tbpbr8jx2ou4a0ozs7lzng.exe
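- '23#.#55.255.250':1900 (адрес частично замаскирован в источнике; порт 1900 соответствует SSDP/UPnP, поэтому это, вероятно, групповой адрес 239.255.255.250 для обнаружения устройств в локальной сети, а не управляющий сервер — использовать его как индикатор компрометации без дополнительной проверки не стоит)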
- ClassName: 'Shell_TrayWnd' WindowName: ''