Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\ActiveX Registry Awareness] 'Start' = '00000002'
- 'C:\ktfsffrjisum\eqasjtqir.exe' "c:\ktfsffrjisum\tzyhljh.exe"
- 'C:\ktfsffrjisum\tzyhljh.exe'
- 'C:\ktfsffrjisum\xzc18c94haximfxilz.exe'
- '<SYSTEM32>\wermgr.exe' "-queuereporting_svc" "C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_tzyhljh.exe_f0d0c7a135a1993f91ffc846f6ad67c01366ccc6_cab_18e23aed"
- C:\ktfsffrjisum\tzyhljh.exe
- C:\ktfsffrjisum\eqasjtqir.exe
- C:\ktfsffrjisum\hl1suhtxd4
- %WINDIR%\ktfsffrjisum\hoclkd
- C:\ktfsffrjisum\hoclkd
- C:\ktfsffrjisum\xzc18c94haximfxilz.exe
- C:\ktfsffrjisum\eqasjtqir.exe
- C:\ktfsffrjisum\tzyhljh.exe
- C:\ktfsffrjisum\xzc18c94haximfxilz.exe
- %WINDIR%\ktfsffrjisum\hoclkd
- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_tzyhljh.exe_f0d0c7a135a1993f91ffc846f6ad67c01366ccc6_cab_18e23aed\Report.wer.tmp в C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_tzyhljh.exe_f0d0c7a135a1993f91ffc846f6ad67c01366ccc6_cab_18e23aed\Report.wer
- DNS ASK tw####trouble.net
- DNS ASK mi####trouble.net
- DNS ASK tw####president.net
- DNS ASK mi####president.net
- DNS ASK tw####strong.net
- DNS ASK dn#.##ftncsi.com
- DNS ASK of###caught.net
- DNS ASK mi####strong.net
- DNS ASK al###caught.net
- ClassName: 'Shell_TrayWnd' WindowName: ''