Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\Human TP ActiveX AutoConnect Spooler Cryptographic] 'Start' = '00000002'
- 'C:\hmjydaemsrqxtub\rfvzfzx.exe' "c:\hmjydaemsrqxtub\mlbtkkp.exe"
- 'C:\hmjydaemsrqxtub\mlbtkkp.exe'
- 'C:\hmjydaemsrqxtub\t47zt2xhblnzir5hvfd.exe'
- C:\hmjydaemsrqxtub\mlbtkkp.exe
- C:\hmjydaemsrqxtub\rfvzfzx.exe
- C:\hmjydaemsrqxtub\lugmiyr
- %WINDIR%\hmjydaemsrqxtub\wekijdhkdapm
- C:\hmjydaemsrqxtub\wekijdhkdapm
- C:\hmjydaemsrqxtub\t47zt2xhblnzir5hvfd.exe
- C:\hmjydaemsrqxtub\rfvzfzx.exe
- C:\hmjydaemsrqxtub\mlbtkkp.exe
- C:\hmjydaemsrqxtub\t47zt2xhblnzir5hvfd.exe
- %WINDIR%\hmjydaemsrqxtub\wekijdhkdapm
- DNS ASK co####ecaught.net
- DNS ASK ch###caught.net
- DNS ASK of###strong.net
- DNS ASK of####rouble.net
- DNS ASK al###strong.net
- DNS ASK co#####president.net
- DNS ASK ch####rouble.net
- DNS ASK co####estrong.net
- DNS ASK dn#.##ftncsi.com
- DNS ASK ch####resident.net
- DNS ASK co####etrouble.net
- ClassName: 'Shell_TrayWnd' WindowName: ''