Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\WebClient IPsec Tunneling] 'Start' = '00000002'
- 'C:\uezncamkicuyfoz\eguuqseicitk.exe' "c:\uezncamkicuyfoz\pjpdubnl.exe"
- 'C:\uezncamkicuyfoz\pjpdubnl.exe'
- 'C:\uezncamkicuyfoz\epxdo8tabhvcrpvrdwt.exe'
- '<SYSTEM32>\wermgr.exe' "-queuereporting_svc" "C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_pjpdubnl.exe_2e31eafde9af73a58f8796bc6cc038601ec15aa4_cab_189ab5d6"
- C:\uezncamkicuyfoz\pjpdubnl.exe
- C:\uezncamkicuyfoz\eguuqseicitk.exe
- C:\uezncamkicuyfoz\sfdbfd
- %WINDIR%\uezncamkicuyfoz\hwdg5k
- C:\uezncamkicuyfoz\hwdg5k
- C:\uezncamkicuyfoz\epxdo8tabhvcrpvrdwt.exe
- C:\uezncamkicuyfoz\eguuqseicitk.exe
- C:\uezncamkicuyfoz\pjpdubnl.exe
- C:\uezncamkicuyfoz\epxdo8tabhvcrpvrdwt.exe
- %WINDIR%\uezncamkicuyfoz\hwdg5k
- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_pjpdubnl.exe_2e31eafde9af73a58f8796bc6cc038601ec15aa4_cab_189ab5d6\Report.wer.tmp в C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_pjpdubnl.exe_2e31eafde9af73a58f8796bc6cc038601ec15aa4_cab_189ab5d6\Report.wer
- DNS ASK le###rfound.net
- DNS ASK re####ebanker.net
- DNS ASK le####spring.net
- DNS ASK he###nfound.net
- DNS ASK re####esuccess.net
- DNS ASK or####uccess.net
- DNS ASK or###banker.net
- DNS ASK dn#.##ftncsi.com
- ClassName: 'Shell_TrayWnd' WindowName: ''