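Техническая информация
Подзаголовки разделов в этом списке утрачены. По содержанию строки делятся на четыре группы: записи автозапуска в реестре (ключи Run и Policies\Explorer\Run, параметр '5ung'); пути к файлам в <SYSTEM32> и %TEMP%; сетевая активность (адрес с портом и DNS-запросы); классы и заголовки окон. Некоторые пути повторяются — по-видимому, они относились к разным подразделам (запуск, создание, удаление файлов). Символы «#» в адресе и доменных именах, судя по всему, являются маскировкой, а «?» в заголовках окон и искажённые имена вида 'Ж®·№АМґЧ.exe' — следствием потери исходной кодировки, поэтому при поиске по этим значениям не стоит рассчитывать на точное совпадение.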
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '5ung' = '<SYSTEM32>\twtqvwaw.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5ung' = '<SYSTEM32>\twtqvwaw.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] '5ung' = '<SYSTEM32>\twtqvwaw.exe'
- '%TEMP%\Ж®·№АМґЧАОБ§ЕН.exe'
- '<SYSTEM32>\twtqvwaw.exe'
- '%TEMP%\Server.exe'
- '%TEMP%\Ж®·№АМґЧ.exe'
- <SYSTEM32>\twtqvwaw.exe
- %TEMP%\~DF707ACEAD4516C792.TMP
- %TEMP%\~DF9CFFD0864C98E37C.TMP
- %TEMP%\~DFBE38D6A56DAD3586.TMP
- %TEMP%\Ж®·№АМґЧ.exe
- %TEMP%\Server.exe
- %TEMP%\~DF1785B0E7D2FC9C2E.TMP
- %TEMP%\Ж®·№АМґЧАОБ§ЕН.exe
- <SYSTEM32>\twtqvwaw.exe
- %TEMP%\~DF1785B0E7D2FC9C2E.TMP
- %TEMP%\~DF9CFFD0864C98E37C.TMP
- %TEMP%\~DF707ACEAD4516C792.TMP
- '11#.#2.112.126':5813
- DNS ASK dn#.##ftncsi.com
- DNS ASK cf#####9.uf.daum.net
- ClassName: '' WindowName: '?? ? ?? ?? ??'
- ClassName: '' WindowName: '?????'
- ClassName: '' WindowName: '???? ?? ?? ??'
- ClassName: '' WindowName: 'twtqvwaw.exe ??'
- ClassName: '' WindowName: 'twtqvwaw.exe ?? ??'
- ClassName: '' WindowName: '??? ?? - ??'
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: '??? ?? ??? ?? ???'
- ClassName: '' WindowName: '??? ??'
- ClassName: '' WindowName: '??? ?? ??? ??'