Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Health Topology Shadow Cryptographic' = 'C:\ghqpwybuqrkdwh\cgrivcqvq.exe' (параметр в разделе Run: указанный файл запускается при каждом входе пользователя в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\Cryptographic Publication Auto Scheduler] 'ImagePath' = 'C:\ghqpwybuqrkdwh\cgrivcqvq.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Cryptographic Publication Auto Scheduler] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- 'C:\ghqpwybuqrkdwh\bwirhmdod.exe' "c:\ghqpwybuqrkdwh\cgrivcqvq.exe"
- 'C:\ghqpwybuqrkdwh\cgrivcqvq.exe'
- 'C:\ghqpwybuqrkdwh\a1m2mr0xijppplsew.exe'
- C:\ghqpwybuqrkdwh\cgrivcqvq.exe
- C:\ghqpwybuqrkdwh\bwirhmdod.exe
- C:\ghqpwybuqrkdwh\t05wk9tb1
- %WINDIR%\ghqpwybuqrkdwh\xxcsy1gv
- C:\ghqpwybuqrkdwh\xxcsy1gv
- C:\ghqpwybuqrkdwh\a1m2mr0xijppplsew.exe
- C:\ghqpwybuqrkdwh\bwirhmdod.exe
- C:\ghqpwybuqrkdwh\cgrivcqvq.exe
- C:\ghqpwybuqrkdwh\a1m2mr0xijppplsew.exe
- %WINDIR%\ghqpwybuqrkdwh\xxcsy1gv
- %WINDIR%\ghqpwybuqrkdwh\xxcsy1gv
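- '62.##.253.114':51156 (здесь и ниже часть цифр адреса заменена символом '#', поэтому записи не задают адрес однозначно; для поиска в журналах или блокировки нужны полные значения)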
- '86.##5.10.227':45279
- '41.##8.41.238':29356
- '61.##6.2.217':25840
- '19#.#47.86.10':25432
- '18#.#39.139.100':37599
- '77.##7.13.68':30018
- '98.##.223.221':20922
- '18#.#42.145.105':26662
- '62.##1.108.194':20068
- '94.##1.114.138':44254
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)