Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\Security Image UserMode] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- 'C:\jkximhodhauvdtm\rbrosvcmilr.exe' "c:\jkximhodhauvdtm\amrocyrdzg.exe"
- 'C:\jkximhodhauvdtm\amrocyrdzg.exe'
- 'C:\jkximhodhauvdtm\hmwz8qhrqqifptmainjt.exe'
- '<SYSTEM32>\wermgr.exe' "-queuereporting_svc" "C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_amrocyrdzg.exe_da34ef3a6ef2df12a2413dfda1b306e3490a4cd_cab_1ace9443"
- C:\jkximhodhauvdtm\amrocyrdzg.exe
- C:\jkximhodhauvdtm\rbrosvcmilr.exe
- C:\jkximhodhauvdtm\vtwse9
- %WINDIR%\jkximhodhauvdtm\jnfpqjxc
- C:\jkximhodhauvdtm\jnfpqjxc
- C:\jkximhodhauvdtm\hmwz8qhrqqifptmainjt.exe
- C:\jkximhodhauvdtm\rbrosvcmilr.exe
- C:\jkximhodhauvdtm\amrocyrdzg.exe
- C:\jkximhodhauvdtm\hmwz8qhrqqifptmainjt.exe
- %WINDIR%\jkximhodhauvdtm\jnfpqjxc
- из C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_amrocyrdzg.exe_da34ef3a6ef2df12a2413dfda1b306e3490a4cd_cab_1ace9443\Report.wer.tmp в C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_amrocyrdzg.exe_da34ef3a6ef2df12a2413dfda1b306e3490a4cd_cab_1ace9443\Report.wer
- DNS ASK he###banker.net
- DNS ASK di####ultbanker.net
- DNS ASK ne####aryfound.net
- DNS ASK pl####ntfound.net
- DNS ASK he####uccess.net
- DNS ASK he###spring.net
- DNS ASK di####ultspring.net
- DNS ASK di#####ltsuccess.net
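- DNS ASK dn#.##ftncsi.com (по маске, вероятно, dns.msftncsi.com — служебный домен проверки сетевого подключения Windows; сам по себе этот запрос, скорее всего, не является индикатором компрометации)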
- ClassName: 'Shell_TrayWnd' WindowName: ''