Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Virtual Machine TP KtmRm Media User SPP' = 'C:\rarvdrncuizku\sufalscw.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Server Diagnostic Filtering Telephony Image] 'ImagePath' = 'C:\rarvdrncuizku\sufalscw.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Server Diagnostic Filtering Telephony Image] 'Start' = '00000002'
- 'C:\rarvdrncuizku\tqvstafj.exe' "c:\rarvdrncuizku\sufalscw.exe"
- 'C:\rarvdrncuizku\sufalscw.exe'
- 'C:\rarvdrncuizku\ippy032u0qpqkxql7o.exe'
- C:\rarvdrncuizku\sufalscw.exe
- C:\rarvdrncuizku\tqvstafj.exe
- C:\rarvdrncuizku\mxwwll
- %WINDIR%\rarvdrncuizku\uzzwrqxjzj
- C:\rarvdrncuizku\uzzwrqxjzj
- C:\rarvdrncuizku\ippy032u0qpqkxql7o.exe
- C:\rarvdrncuizku\tqvstafj.exe
- C:\rarvdrncuizku\sufalscw.exe
- C:\rarvdrncuizku\ippy032u0qpqkxql7o.exe
- %WINDIR%\rarvdrncuizku\uzzwrqxjzj
- %WINDIR%\rarvdrncuizku\uzzwrqxjzj
- '88.#48.36.4':25752
- '87.##.38.225':33631
- '15#.#82.245.137':33982
- '24.##9.216.168':33794
- '94.##1.114.138':44254
- '62.##.253.114':51156
- '41.##8.41.238':29356
- '82.##7.164.91':40801
- '95.##.58.101':23245
- '91.##.35.122':26126
- '10#.#46.77.146':33927
- '77.##8.205.139':22969
- ClassName: 'Shell_TrayWnd' WindowName: ''