Техническая информация
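- [<HKLM>\SYSTEM\ControlSet001\services\Peer Shell Thread Protection Tunneling] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы; так образец закрепляется в системе)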
- 'C:\xyvnpgbyjbzc\lcqbpnr.exe' "c:\xyvnpgbyjbzc\bdojwhpbr.exe"
- 'C:\xyvnpgbyjbzc\bdojwhpbr.exe'
- 'C:\xyvnpgbyjbzc\oowx8brdmclxmxryue.exe'
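- '<SYSTEM32>\wermgr.exe' "-queuereporting_svc" "C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bdojwhpbr.exe_4f296732df995d976f6edb043bf538aaf4e1de0_cab_19964fd4" (служба отчётов об ошибках Windows обрабатывает отчёт о сбое bdojwhpbr.exe; процесс, судя по всему, завершился аварийно, поэтому зафиксированное поведение может быть неполным)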
- C:\xyvnpgbyjbzc\bdojwhpbr.exe
- C:\xyvnpgbyjbzc\lcqbpnr.exe
- C:\xyvnpgbyjbzc\wy0aq0ffxos
- %WINDIR%\xyvnpgbyjbzc\cuytsrgk
- C:\xyvnpgbyjbzc\cuytsrgk
- C:\xyvnpgbyjbzc\oowx8brdmclxmxryue.exe
- C:\xyvnpgbyjbzc\lcqbpnr.exe
- C:\xyvnpgbyjbzc\bdojwhpbr.exe
- C:\xyvnpgbyjbzc\oowx8brdmclxmxryue.exe
- %WINDIR%\xyvnpgbyjbzc\cuytsrgk
- из C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bdojwhpbr.exe_4f296732df995d976f6edb043bf538aaf4e1de0_cab_19964fd4\Report.wer.tmp в C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bdojwhpbr.exe_4f296732df995d976f6edb043bf538aaf4e1de0_cab_19964fd4\Report.wer
- DNS ASK de####believe.net
- DNS ASK ni####elieve.net
- DNS ASK de####receive.net
- DNS ASK ni####eceive.net
- DNS ASK de####branch.net
- DNS ASK do####uarter.net
- DNS ASK ag####tquarter.net
- DNS ASK ni###branch.net
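- DNS ASK dn#.##ftncsi.com (по-видимому, штатная проверка сетевого подключения Windows NCSI на домене msftncsi.com; сам по себе этот запрос не является индикатором компрометации)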
- ClassName: 'Shell_TrayWnd' WindowName: ''