Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Ordering Extensible Browser Solutions' = 'C:\tbtyhxee\snnedbmlpvb.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Search Tunneling Function Process Discovery] 'ImagePath' = 'C:\tbtyhxee\snnedbmlpvb.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Search Tunneling Function Process Discovery] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- 'C:\tbtyhxee\jwldtmtvifg.exe' "c:\tbtyhxee\snnedbmlpvb.exe"
- 'C:\tbtyhxee\snnedbmlpvb.exe'
- 'C:\tbtyhxee\nkosf37ywjrfskfqxwii.exe'
- C:\tbtyhxee\snnedbmlpvb.exe
- C:\tbtyhxee\jwldtmtvifg.exe
- C:\tbtyhxee\vcflgp1dsrfp
- %WINDIR%\tbtyhxee\hr7tch1
- C:\tbtyhxee\hr7tch1
- C:\tbtyhxee\nkosf37ywjrfskfqxwii.exe
- C:\tbtyhxee\jwldtmtvifg.exe
- C:\tbtyhxee\snnedbmlpvb.exe
- C:\tbtyhxee\nkosf37ywjrfskfqxwii.exe
- %WINDIR%\tbtyhxee\hr7tch1
- %WINDIR%\tbtyhxee\hr7tch1
- '41.#6.20.41':48405
- '2.##.19.50':35833
- '62.##.253.114':51156
- '78.##5.171.93':23699
- '81.##4.87.112':37714
- '73.##.228.84':36884
- '11#.#6.137.96':49919
- '10#.#4.136.243':42581
- ClassName: 'Shell_TrayWnd' WindowName: ''