Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Keying Socket File RPC Resource Volume' = '<SYSTEM32>\xhgxvea.exe' (ключ Run: указанный файл запускается автоматически при входе пользователя в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Driver Backup Interactive Intelligent] 'Start' = '00000002' (значение Start = 2 соответствует автоматическому запуску службы при загрузке системы)
- Центр обеспечения безопасности (Security Center)
- '<SYSTEM32>\hkjomdeoxn.exe' "<SYSTEM32>\xhgxvea.exe"
- '%WINDIR%\Temp\aqyjhzw2txpjy.exe' -r 38062 tcp
- '%TEMP%\aqyjhzw2p69jyjxkg7s.exe'
- '<SYSTEM32>\xhgxvea.exe'
- <SYSTEM32>\hzvpatwufmefjlm\run
- <SYSTEM32>\hzvpatwufmefjlm\rng
- %WINDIR%\Temp\aqyjhzw2txpjy.exe
- <SYSTEM32>\hzvpatwufmefjlm\cfg
- <SYSTEM32>\hkjomdeoxn.exe
- %TEMP%\aqyjhzw2p69jyjxkg7s.exe
- <SYSTEM32>\hzvpatwufmefjlm\tst
- <SYSTEM32>\xhgxvea.exe
- <SYSTEM32>\hzvpatwufmefjlm\etc
- <SYSTEM32>\hkjomdeoxn.exe
- <SYSTEM32>\xhgxvea.exe
- %WINDIR%\Temp\aqyjhzw2txpjy.exe
- <DRIVERS>\etc\hosts
- %TEMP%\aqyjhzw2p69jyjxkg7s.exe
- '23#.#55.255.250':1900 (адрес частично замаскирован символами «#»; порт 1900 обычно используется протоколом SSDP/UPnP)
- ClassName: 'Shell_TrayWnd' WindowName: ''