Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Secure Socket Detection IP Procedure Function' = 'C:\xgisrdpkfqmqht\ylyouuvwioc.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Config Provider WWAN Key Remote RPC] 'ImagePath' = 'C:\xgisrdpkfqmqht\ylyouuvwioc.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Config Provider WWAN Key Remote RPC] 'Start' = '00000002' (значение 2 — служба запускается автоматически при загрузке системы)
- 'C:\xgisrdpkfqmqht\wvvxfmoqv.exe' "c:\xgisrdpkfqmqht\ylyouuvwioc.exe"
- 'C:\xgisrdpkfqmqht\ylyouuvwioc.exe'
- 'C:\xgisrdpkfqmqht\xkz2xurihhugsdtgw.exe'
- C:\xgisrdpkfqmqht\ylyouuvwioc.exe
- C:\xgisrdpkfqmqht\wvvxfmoqv.exe
- C:\xgisrdpkfqmqht\pmqdagmj9bjn
- %WINDIR%\xgisrdpkfqmqht\aedzymdkp3nl
- C:\xgisrdpkfqmqht\aedzymdkp3nl
- C:\xgisrdpkfqmqht\xkz2xurihhugsdtgw.exe
- C:\xgisrdpkfqmqht\wvvxfmoqv.exe
- C:\xgisrdpkfqmqht\ylyouuvwioc.exe
- C:\xgisrdpkfqmqht\xkz2xurihhugsdtgw.exe
- %WINDIR%\xgisrdpkfqmqht\aedzymdkp3nl
- %WINDIR%\xgisrdpkfqmqht\aedzymdkp3nl
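- '2.##.19.50':35833 (символы «#» здесь и в адресах ниже скрывают часть цифр; в таком виде адреса не годятся как точные индикаторы компрометации)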
- '94.##1.114.138':44254
- '41.#6.20.41':48405
- '17#.#40.117.149':27603
- '2.##.167.151':22437
- '20#.#23.152.97':27682
- '17#.#50.138.208':20422
- '19#.#47.86.10':25432
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)