Техническая информация
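Изменения в реестре, обеспечивающие автозапуск (ключ Run и запись службы; значение 'Start' = 2 соответствует автоматическому запуску службы при загрузке системы):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Controls Portable Removal Machine' = 'C:\auzvvrwysikkjzx\fywrsppw.exe'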
- [<HKLM>\SYSTEM\ControlSet001\Services\Socket Process Awareness Volume] 'ImagePath' = 'C:\auzvvrwysikkjzx\fywrsppw.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Socket Process Awareness Volume] 'Start' = '00000002'
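Судя по формату записей (путь в кавычках, в первой записи — аргумент командной строки), далее перечислены запускаемые процессы; подзаголовок в этом фрагменте отсутствует:
- 'C:\auzvvrwysikkjzx\hxgffrvw.exe' "c:\auzvvrwysikkjzx\fywrsppw.exe"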
- 'C:\auzvvrwysikkjzx\fywrsppw.exe'
- 'C:\auzvvrwysikkjzx\aat2jedwttu6r3pn.exe'
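Пути к файлам (подзаголовки разделов в этом фрагменте утрачены, поэтому по списку нельзя определить, создаётся файл, изменяется или удаляется; повторы путей, вероятно, относятся к разным разделам исходного отчёта). Имена каталога и файлов выглядят случайно сгенерированными, поэтому как индикаторы они, скорее всего, применимы только к этому образцу:
- C:\auzvvrwysikkjzx\fywrsppw.exe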
- C:\auzvvrwysikkjzx\hxgffrvw.exe
- C:\auzvvrwysikkjzx\aeruhunxtytz
- %WINDIR%\auzvvrwysikkjzx\qbotknuig
- C:\auzvvrwysikkjzx\qbotknuig
- C:\auzvvrwysikkjzx\aat2jedwttu6r3pn.exe
- C:\auzvvrwysikkjzx\hxgffrvw.exe
- C:\auzvvrwysikkjzx\fywrsppw.exe
- C:\auzvvrwysikkjzx\aat2jedwttu6r3pn.exe
- %WINDIR%\auzvvrwysikkjzx\qbotknuig
- %WINDIR%\auzvvrwysikkjzx\qbotknuig
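Сетевые адреса в формате IP:порт (часть цифр в адресах заменена символами '#' в самом отчёте, поэтому для точного сопоставления с журналами эти значения непригодны):
- '21#.#7.168.28':52231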
- '18#.#55.161.27':20052
- '10#.#2.195.20':39160
- '18#.#42.107.86':26662
- '18#.#72.215.47':51612
- '17#.#50.138.208':20422
- '12#.#60.112.138':27440
- '2.##.19.50':35833
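Оконный класс, на который ссылается отчёт (подзаголовок утрачен; вероятно, образец ищет это окно). 'Shell_TrayWnd' — класс окна панели задач Windows, имя окна пустое:
- ClassName: 'Shell_TrayWnd' WindowName: ''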