Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Encrypting Transfer TPM Counter Protected' = 'C:\ddkfrntq\smcoizvpbsp.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Presentation Office Center] 'ImagePath' = 'C:\ddkfrntq\smcoizvpbsp.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Presentation Office Center] 'Start' = '00000002'
- 'C:\ddkfrntq\wkqdtlrsnt.exe' "c:\ddkfrntq\smcoizvpbsp.exe"
- 'C:\ddkfrntq\smcoizvpbsp.exe'
- 'C:\ddkfrntq\rp2d5jat3kzgcyywc.exe'
- C:\ddkfrntq\smcoizvpbsp.exe
- C:\ddkfrntq\wkqdtlrsnt.exe
- C:\ddkfrntq\k0wff7uxqj
- %WINDIR%\ddkfrntq\ah5ci1
- C:\ddkfrntq\ah5ci1
- C:\ddkfrntq\rp2d5jat3kzgcyywc.exe
- C:\ddkfrntq\wkqdtlrsnt.exe
- C:\ddkfrntq\smcoizvpbsp.exe
- C:\ddkfrntq\rp2d5jat3kzgcyywc.exe
- %WINDIR%\ddkfrntq\ah5ci1
- %WINDIR%\ddkfrntq\ah5ci1
- '81.##4.87.112':37714
- '12#.#60.123.173':36805
- '41.#6.20.41':48405
- '24.##1.42.214':47782
- '10#.#67.38.149':20466
- '77.##.186.45':43519
- '74.#5.64.25':22739
- '62.##1.108.194':20068
- ClassName: 'OleMainThreadWndClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''