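Техническая информация
(Примечание: подзаголовки групп в списке ниже отсутствуют — судя по всему, они потеряны при извлечении текста, — поэтому повторяющиеся пути, вероятно, относятся к разным действиям образца. Символы «#» в доменных именах скрывают часть имени, так что эти записи не годятся для точного сопоставления.)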
- [<HKLM>\SYSTEM\ControlSet001\services\Reports Logon Isolation Encryption] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- 'C:\dyfvxynn\nctvhmn.exe' "c:\dyfvxynn\zoezkjjij.exe"
- 'C:\dyfvxynn\zoezkjjij.exe'
- 'C:\dyfvxynn\bs803wpnxpb2e7.exe'
- C:\dyfvxynn\zoezkjjij.exe
- C:\dyfvxynn\nctvhmn.exe
- C:\dyfvxynn\kiidujazku
- %WINDIR%\dyfvxynn\praomkc6aq
- C:\dyfvxynn\praomkc6aq
- C:\dyfvxynn\bs803wpnxpb2e7.exe
- C:\dyfvxynn\nctvhmn.exe
- C:\dyfvxynn\zoezkjjij.exe
- C:\dyfvxynn\bs803wpnxpb2e7.exe
- %WINDIR%\dyfvxynn\praomkc6aq
- DNS ASK ne#####rylanguage.net
- DNS ASK pl#####tlanguage.net
- DNS ASK pl####ntdevice.net
- DNS ASK pl####ntbefore.net
- DNS ASK ne####arydevice.net
- DNS ASK ne####arysettle.net
- DNS ASK dn#.##ftncsi.com
- DNS ASK he###device.net
- DNS ASK di####ultbefore.net
- DNS ASK pl####ntsettle.net
- DNS ASK he###before.net
- ClassName: 'Shell_TrayWnd' WindowName: ''