Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\Background Print Link Services] 'Start' = '00000002'
- 'C:\gfpqwwktenswarg\rspdhzerekdt.exe' "c:\gfpqwwktenswarg\ysmzjxf.exe"
- 'C:\gfpqwwktenswarg\ysmzjxf.exe'
- 'C:\gfpqwwktenswarg\xz7m27iuyah7p5ps.exe'
- '<SYSTEM32>\wermgr.exe' "-queuereporting_svc" "C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ysmzjxf.exe_4fd845e25ff9e59b5b7577419f07f50a69cdf2_cab_1949b72e"
- C:\gfpqwwktenswarg\ysmzjxf.exe
- C:\gfpqwwktenswarg\rspdhzerekdt.exe
- C:\gfpqwwktenswarg\pisyeutz
- %WINDIR%\gfpqwwktenswarg\kruosos
- C:\gfpqwwktenswarg\kruosos
- C:\gfpqwwktenswarg\xz7m27iuyah7p5ps.exe
- C:\gfpqwwktenswarg\rspdhzerekdt.exe
- C:\gfpqwwktenswarg\ysmzjxf.exe
- C:\gfpqwwktenswarg\xz7m27iuyah7p5ps.exe
- %WINDIR%\gfpqwwktenswarg\kruosos
- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ysmzjxf.exe_4fd845e25ff9e59b5b7577419f07f50a69cdf2_cab_1949b72e\Report.wer.tmp в C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ysmzjxf.exe_4fd845e25ff9e59b5b7577419f07f50a69cdf2_cab_1949b72e\Report.wer
- DNS ASK re####esettle.net
- DNS ASK or###settle.net
- DNS ASK re####elanguage.net
- DNS ASK or####anguage.net
- DNS ASK ne####arybefore.net
- DNS ASK ne####arydevice.net
- DNS ASK pl####ntdevice.net
- DNS ASK pl####ntbefore.net
- DNS ASK dn#.##ftncsi.com
- ClassName: 'Shell_TrayWnd' WindowName: ''