Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Process IP Launcher Presentation' = 'C:\sgdgbzhkmb\hrusmmwdfw.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Builder TP Portable Quality Removal] 'ImagePath' = 'C:\sgdgbzhkmb\hrusmmwdfw.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Builder TP Portable Quality Removal] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- 'C:\sgdgbzhkmb\wgxvqtup.exe' "c:\sgdgbzhkmb\hrusmmwdfw.exe"
- 'C:\sgdgbzhkmb\hrusmmwdfw.exe'
- 'C:\sgdgbzhkmb\zn84m1vxbyrhfyz4cba.exe'
- C:\sgdgbzhkmb\hrusmmwdfw.exe
- C:\sgdgbzhkmb\wgxvqtup.exe
- C:\sgdgbzhkmb\eahpjx
- %WINDIR%\sgdgbzhkmb\l2xgfhqja
- C:\sgdgbzhkmb\l2xgfhqja
- C:\sgdgbzhkmb\zn84m1vxbyrhfyz4cba.exe
- C:\sgdgbzhkmb\wgxvqtup.exe
- C:\sgdgbzhkmb\hrusmmwdfw.exe
- C:\sgdgbzhkmb\zn84m1vxbyrhfyz4cba.exe
- %WINDIR%\sgdgbzhkmb\l2xgfhqja
- %WINDIR%\sgdgbzhkmb\l2xgfhqja
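- '77.##7.13.68':30018 (здесь и ниже символы '#' в адресах, по-видимому, заменяют скрытые цифры; как точные индикаторы эти адреса использовать нельзя)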
- '79.##1.239.74':42581
- '71.##2.212.226':26466
- '12#.#60.123.173':36805
- '20#.#36.131.186':52293
- '77.##.186.45':43519
- '18#.#39.124.68':37599
- '5.##.147.158':23144
- ClassName: 'Shell_TrayWnd' WindowName: ''