Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Endpoint Call Credential Logs Tracking TCP/IP' = 'C:\yyqxowbazs\yvbrhiodihl.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Transaction Enumerator Services] 'ImagePath' = 'C:\yyqxowbazs\yvbrhiodihl.exe'
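- [<HKLM>\SYSTEM\ControlSet001\Services\Transaction Enumerator Services] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы; тот же исполняемый файл прописан и в ключе Run выше, поэтому при очистке нужно проверять обе точки автозапуска)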
- 'C:\yyqxowbazs\bazyvqxc.exe' "c:\yyqxowbazs\yvbrhiodihl.exe"
- 'C:\yyqxowbazs\yvbrhiodihl.exe'
- 'C:\yyqxowbazs\yluh2x6glyndmif5fnid.exe'
- C:\yyqxowbazs\yvbrhiodihl.exe
- C:\yyqxowbazs\bazyvqxc.exe
- C:\yyqxowbazs\eqxvsd
- %WINDIR%\yyqxowbazs\hhnkng
- C:\yyqxowbazs\hhnkng
- C:\yyqxowbazs\yluh2x6glyndmif5fnid.exe
- C:\yyqxowbazs\bazyvqxc.exe
- C:\yyqxowbazs\yvbrhiodihl.exe
- C:\yyqxowbazs\yluh2x6glyndmif5fnid.exe
- %WINDIR%\yyqxowbazs\hhnkng
- %WINDIR%\yyqxowbazs\hhnkng
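- '74.#5.64.25':22739 (здесь и в адресах ниже символ '#', по-видимому, заменяет цифры, скрытые при публикации; для точного сопоставления такие значения непригодны, надёжнее опираться на пути к файлам и ключи реестра выше)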
- '21#.#19.80.21':36542
- '18#.#39.124.68':37599
- '37.##2.223.103':22969
- '95.##7.243.188':49038
- '18#.#22.45.37':46084
- '18#.#49.88.79':32097
- '2.##.156.247':35711
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)