Техническая информация
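Записи реестра, обеспечивающие автозапуск (ключ Run и служба с параметром Start = 2, то есть с автоматическим запуском; в отчёте указан ControlSet001 — на работающей системе ту же службу следует проверять через CurrentControlSet):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Manager Controls IPsec Connections' = 'C:\rshcbspdfhp\jirlzcow.exe'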
- [<HKLM>\SYSTEM\ControlSet001\Services\Web Routing Event Registry] 'ImagePath' = 'C:\rshcbspdfhp\jirlzcow.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Web Routing Event Registry] 'Start' = '00000002'
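Пути к исполняемым файлам в кавычках (судя по формату — командные строки запуска; заголовок раздела в этом фрагменте отсутствует):
- 'C:\rshcbspdfhp\qnuxaqkgt.exe' "c:\rshcbspdfhp\jirlzcow.exe"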
- 'C:\rshcbspdfhp\jirlzcow.exe'
- 'C:\rshcbspdfhp\pjg82g6hozvzeiikdzc.exe'
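Файловые объекты в каталоге rshcbspdfhp (тип операции с каждым из них — создание, изменение атрибутов, удаление — в этом фрагменте не указан, поэтому пути повторяются):
- C:\rshcbspdfhp\jirlzcow.exe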
- C:\rshcbspdfhp\qnuxaqkgt.exe
- C:\rshcbspdfhp\vtejrdrrhr
- %WINDIR%\rshcbspdfhp\gjpcqx
- C:\rshcbspdfhp\gjpcqx
- C:\rshcbspdfhp\pjg82g6hozvzeiikdzc.exe
- C:\rshcbspdfhp\qnuxaqkgt.exe
- C:\rshcbspdfhp\jirlzcow.exe
- C:\rshcbspdfhp\pjg82g6hozvzeiikdzc.exe
- %WINDIR%\rshcbspdfhp\gjpcqx
- %WINDIR%\rshcbspdfhp\gjpcqx
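Сетевые адреса в формате 'IP':порт (часть цифр IP-адреса в отчёте скрыта символами «#», поэтому для точного сопоставления в журналах эти записи непригодны; протокол не указан):
- '62.##1.108.194':20068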
- '70.##2.38.96':41500
- '20#.#95.172.22':41884
- '81.##7.50.99':52074
- '18#.#23.70.113':37727
- '73.##.228.84':36884
- '10#.#02.79.27':36272
- '78.##5.171.93':23699
- '78.#7.87.58':21017
- '18#.#31.193.123':28122
- '91.##.35.122':26126
- '20#.#23.152.97':27682
- '18#.#42.145.105':26662
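Окно, заданное именем класса (Shell_TrayWnd — класс окна панели задач Windows; цель обращения к нему в этом фрагменте не указана):
- ClassName: 'Shell_TrayWnd' WindowName: ''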