Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Bus Logs Sharing Netlogon' = 'C:\bkorvhsxplhiom\vyljnbep.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Offline Storage Configuration Host] 'ImagePath' = 'C:\bkorvhsxplhiom\vyljnbep.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Offline Storage Configuration Host] 'Start' = '00000002'
- 'C:\bkorvhsxplhiom\psrjgrg.exe' "c:\bkorvhsxplhiom\vyljnbep.exe"
- 'C:\bkorvhsxplhiom\vyljnbep.exe'
- 'C:\bkorvhsxplhiom\wyso4ma4guazovazx.exe'
- C:\bkorvhsxplhiom\vyljnbep.exe
- C:\bkorvhsxplhiom\psrjgrg.exe
- C:\bkorvhsxplhiom\uoya4ahbwlw
- %WINDIR%\bkorvhsxplhiom\psb4by
- C:\bkorvhsxplhiom\psb4by
- C:\bkorvhsxplhiom\wyso4ma4guazovazx.exe
- C:\bkorvhsxplhiom\psrjgrg.exe
- C:\bkorvhsxplhiom\vyljnbep.exe
- C:\bkorvhsxplhiom\wyso4ma4guazovazx.exe
- %WINDIR%\bkorvhsxplhiom\psb4by
- %WINDIR%\bkorvhsxplhiom\psb4by
- '11#.#42.143.147':31567
- '62.##1.108.194':20068
- '24.##1.42.214':47782
- '71.##2.212.226':26466
- '74.#5.64.25':22739
- '79.##.202.44':23699
- '20#.#93.204.80':37195
- '85.##.122.169':40540
- ClassName: 'Shell_TrayWnd' WindowName: ''