Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\Cryptographic Panel DNS Location] 'Start' = '00000002'
- 'C:\dxf2anyx\cdairaovvd.exe' "c:\dxf2anyx\r40huvortvxa.exe"
- 'C:\dxf2anyx\r40huvortvxa.exe'
- 'C:\dxf2anyx\cmxpliei69z0liubapdpvkqm.exe'
- '<SYSTEM32>\conhost.exe'
- C:\dxf2anyx\r40huvortvxa.exe
- C:\dxf2anyx\cdairaovvd.exe
- C:\dxf2anyx\nfzk2bwuojs
- %WINDIR%\dxf2anyx\ocigfvlhsr
- C:\dxf2anyx\ocigfvlhsr
- C:\dxf2anyx\cmxpliei69z0liubapdpvkqm.exe
- C:\dxf2anyx\cdairaovvd.exe
- C:\dxf2anyx\r40huvortvxa.exe
- C:\dxf2anyx\cmxpliei69z0liubapdpvkqm.exe
- %WINDIR%\dxf2anyx\ocigfvlhsr
- DNS ASK ar#####ldstrickland.net
- DNS ASK za######hbreckenridge.net
- DNS ASK za#####ahstrickland.net
- DNS ASK ch######ewinterbottom.net
- DNS ASK ge######awinterbottom.net
- DNS ASK ar######dbreckenridge.net
- DNS ASK dn#.##ftncsi.com
- DNS ASK ar######dwinterbottom.net
- DNS ASK za######hwinterbottom.net
- DNS ASK za#####ahwashington.net
- DNS ASK ar#####ldwashington.net
- ClassName: 'Shell_TrayWnd' WindowName: ''