Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\Group Update Socket TP Scheduler] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- 'C:\ohlwgykru\bivclhixfbzh.exe' "c:\ohlwgykru\nokvxtbtclwc.exe"
- 'C:\ohlwgykru\nokvxtbtclwc.exe'
- 'C:\ohlwgykru\rwovffx7wxgjhnupt.exe'
- '<SYSTEM32>\wermgr.exe' "-queuereporting_svc" "C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_nokvxtbtclwc.exe_a5d9dcebcf62ab43c32a45309df370a3bedd50e3_cab_1a6f558e"
- C:\ohlwgykru\nokvxtbtclwc.exe
- C:\ohlwgykru\bivclhixfbzh.exe
- C:\ohlwgykru\hfqnpvbquojw
- %WINDIR%\ohlwgykru\t63cwdu
- C:\ohlwgykru\t63cwdu
- C:\ohlwgykru\rwovffx7wxgjhnupt.exe
- C:\ohlwgykru\bivclhixfbzh.exe
- C:\ohlwgykru\nokvxtbtclwc.exe
- C:\ohlwgykru\rwovffx7wxgjhnupt.exe
- %WINDIR%\ohlwgykru\t63cwdu
- из C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_nokvxtbtclwc.exe_a5d9dcebcf62ab43c32a45309df370a3bedd50e3_cab_1a6f558e\Report.wer.tmp в C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_nokvxtbtclwc.exe_a5d9dcebcf62ab43c32a45309df370a3bedd50e3_cab_1a6f558e\Report.wer
- DNS ASK we####rvalue.net
- DNS ASK am###tvalue.net
- DNS ASK cl###almost.net
- DNS ASK th###almost.net
- DNS ASK we####rorderly.net
- DNS ASK we####rreason.net
- DNS ASK am####reason.net
- DNS ASK am####orderly.net
- DNS ASK dn#.##ftncsi.com
- ClassName: 'Shell_TrayWnd' WindowName: ''