Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Print Connections Volume Initiator Workstation' = 'C:\wygcxjnbdfm\rgdazbphi.exe' (ключ автозагрузки: указанный файл запускается при входе пользователя в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\Firewall Hardware Profile] 'ImagePath' = 'C:\wygcxjnbdfm\rgdazbphi.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Firewall Hardware Profile] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- 'C:\wygcxjnbdfm\rwbibcxrtod.exe' "c:\wygcxjnbdfm\rgdazbphi.exe"
- 'C:\wygcxjnbdfm\rgdazbphi.exe'
- 'C:\wygcxjnbdfm\kvdd2wziknaddna0n.exe'
- C:\wygcxjnbdfm\rgdazbphi.exe
- C:\wygcxjnbdfm\rwbibcxrtod.exe
- C:\wygcxjnbdfm\hvwkvh
- %WINDIR%\wygcxjnbdfm\u6xh0ms7vzhv
- C:\wygcxjnbdfm\u6xh0ms7vzhv
- C:\wygcxjnbdfm\kvdd2wziknaddna0n.exe
- C:\wygcxjnbdfm\rwbibcxrtod.exe
- C:\wygcxjnbdfm\rgdazbphi.exe
- C:\wygcxjnbdfm\kvdd2wziknaddna0n.exe
- %WINDIR%\wygcxjnbdfm\u6xh0ms7vzhv
- %WINDIR%\wygcxjnbdfm\u6xh0ms7vzhv
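- '87.##.238.184':44724 (здесь и ниже символы '#' скрывают часть цифр IP-адреса, поэтому эти записи нельзя использовать как точные индикаторы; после двоеточия указан порт)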
- '61.##6.2.217':25840
- '18#.#42.73.242':26662
- '73.##.228.84':36884
- '22#.#1.110.45':48008
- '79.##3.139.198':21201
- '21#.#7.168.28':52231
- '94.##1.114.138':44254
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows; имя окна не задано)