Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Protection Alerts Location Link' = 'C:\truaoxo\upzeurqbx.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Receiver Remote Accounts Card Windows] 'ImagePath' = 'C:\truaoxo\upzeurqbx.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Receiver Remote Accounts Card Windows] 'Start' = '00000002'
- 'C:\truaoxo\kdlpkiepw.exe' "c:\truaoxo\upzeurqbx.exe"
- 'C:\truaoxo\upzeurqbx.exe'
- 'C:\truaoxo\sq30pmbbokcijx.exe'
- C:\truaoxo\upzeurqbx.exe
- C:\truaoxo\kdlpkiepw.exe
- C:\truaoxo\whx9leh
- %WINDIR%\truaoxo\h1r9ma79cll
- C:\truaoxo\h1r9ma79cll
- C:\truaoxo\sq30pmbbokcijx.exe
- C:\truaoxo\kdlpkiepw.exe
- C:\truaoxo\upzeurqbx.exe
- C:\truaoxo\sq30pmbbokcijx.exe
- %WINDIR%\truaoxo\h1r9ma79cll
- %WINDIR%\truaoxo\h1r9ma79cll
- '21#.#19.80.21':36542
- '20#.#70.207.211':37727
- '84.##8.130.85':27132
- '20#.#36.131.186':52293
- '19#.#47.86.10':25432
- '21#.#7.168.28':52231
- '88.#48.36.4':25752
- '17#.#50.138.208':20422
- ClassName: 'Shell_TrayWnd' WindowName: ''