Техническая информация
Записи реестра, обеспечивающие автозапуск (ключ Run и служба):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Workstation Thread Level Encrypting' = 'C:\gwhdhhvyy\ytwstdaruope.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Installer Workstation Registrar CNG Device] 'ImagePath' = 'C:\gwhdhhvyy\ytwstdaruope.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Installer Workstation Registrar CNG Device] 'Start' = '00000002' (значение Start = 2 соответствует автоматическому запуску службы при загрузке системы)
- 'C:\gwhdhhvyy\inxairt.exe' "c:\gwhdhhvyy\ytwstdaruope.exe"
- 'C:\gwhdhhvyy\ytwstdaruope.exe'
- 'C:\gwhdhhvyy\yy22g4qxibjiyakpw.exe'
- C:\gwhdhhvyy\ytwstdaruope.exe
- C:\gwhdhhvyy\inxairt.exe
- C:\gwhdhhvyy\kf6hgkzzvqvg
- %WINDIR%\gwhdhhvyy\elng3yhz
- C:\gwhdhhvyy\elng3yhz
- C:\gwhdhhvyy\yy22g4qxibjiyakpw.exe
- C:\gwhdhhvyy\inxairt.exe
- C:\gwhdhhvyy\ytwstdaruope.exe
- C:\gwhdhhvyy\yy22g4qxibjiyakpw.exe
- %WINDIR%\gwhdhhvyy\elng3yhz
- %WINDIR%\gwhdhhvyy\elng3yhz
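Сетевые адреса в формате IP:порт; часть цифр в адресах скрыта символами «#», поэтому в таком виде они не подходят для точного сопоставления с журналами:
- '19#.#6.240.249':21875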
- '41.##.10.183':48405
- '18#.#0.243.3':25741
- '70.##2.38.96':41500
- '73.##.228.84':36884
- '18#.#50.153.254':32097
- '81.##7.50.99':52074
- '10#.#4.136.243':42581
- '21#.#07.110.82':26314
- '98.##.223.221':20922
- '20#.#23.152.97':27682
- '20#.#7.225.58':33073
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)