Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'DLL Cryptographic Virtual Drive Connect' = 'C:\gznvjdtwancffdv\cnusrmps.exe' (ключ Run: файл запускается автоматически при входе пользователя в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\Authentication Interactive] 'ImagePath' = 'C:\gznvjdtwancffdv\cnusrmps.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Authentication Interactive] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- 'C:\gznvjdtwancffdv\tsbgjzbf.exe' "c:\gznvjdtwancffdv\cnusrmps.exe"
- 'C:\gznvjdtwancffdv\cnusrmps.exe'
- 'C:\gznvjdtwancffdv\fnjc2r5gofwhz4nm7xwf.exe'
- C:\gznvjdtwancffdv\cnusrmps.exe
- C:\gznvjdtwancffdv\tsbgjzbf.exe
- C:\gznvjdtwancffdv\muz14h
- %WINDIR%\gznvjdtwancffdv\ult1nohje8
- C:\gznvjdtwancffdv\ult1nohje8
- C:\gznvjdtwancffdv\fnjc2r5gofwhz4nm7xwf.exe
- C:\gznvjdtwancffdv\tsbgjzbf.exe
- C:\gznvjdtwancffdv\cnusrmps.exe
- C:\gznvjdtwancffdv\fnjc2r5gofwhz4nm7xwf.exe
- %WINDIR%\gznvjdtwancffdv\ult1nohje8
- %WINDIR%\gznvjdtwancffdv\ult1nohje8
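- '11#.#18.187.28':42065 (в этом и следующих адресах символы '#', по-видимому, заменяют скрытые цифры, поэтому для точного сопоставления по IP эти записи использовать нельзя)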
- '81.##7.50.99':52074
- '86.##.69.232':41590
- '18#.#42.145.105':26662
- '18#.#22.43.28':46084
- '41.##2.44.224':45860
- '70.##2.38.96':41500
- '74.#5.64.25':22739
- '81.##4.87.112':37714
- '87.##.38.225':33631
- '61.##6.2.217':25840
- ClassName: 'Shell_TrayWnd' WindowName: ''