Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\Connections Tracking Background Support Windows] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы, то есть закрепление в системе)
- 'C:\yqsztwzjshna\vdqsobimqwk.exe' "c:\yqsztwzjshna\didnpigz.exe"
- 'C:\yqsztwzjshna\didnpigz.exe'
- 'C:\yqsztwzjshna\ejz7ld2dsrfnatjze.exe'
- C:\yqsztwzjshna\didnpigz.exe
- C:\yqsztwzjshna\vdqsobimqwk.exe
- C:\yqsztwzjshna\qrbeqef5
- %WINDIR%\yqsztwzjshna\kelgw9mda8
- C:\yqsztwzjshna\kelgw9mda8
- C:\yqsztwzjshna\ejz7ld2dsrfnatjze.exe
- C:\yqsztwzjshna\vdqsobimqwk.exe
- C:\yqsztwzjshna\didnpigz.exe
- C:\yqsztwzjshna\ejz7ld2dsrfnatjze.exe
- %WINDIR%\yqsztwzjshna\kelgw9mda8
- DNS ASK re####etrouble.net
- DNS ASK or####rouble.net
- DNS ASK or####resident.net
- DNS ASK or###caught.net
- DNS ASK re#####president.net
- DNS ASK re####estrong.net
- DNS ASK pl####ntcaught.net
- DNS ASK ne#####rypresident.net
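- DNS ASK dn#.##ftncsi.com (судя по маске, это стандартный домен проверки сетевого подключения Windows (NCSI), а не инфраструктура вредоносной программы; как самостоятельный индикатор компрометации не годится)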
- DNS ASK or###strong.net
- DNS ASK ne####arycaught.net
- ClassName: 'Shell_TrayWnd' WindowName: ''