Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\Drive Visual Registrar Removal Encrypting] 'Start' = '00000002' (значение 2 параметра Start означает автоматический запуск службы при загрузке системы)
- 'C:\vvasvyqfbfvk\krjabnjsqvzi.exe' "c:\vvasvyqfbfvk\cpqjlymgo.exe"
- 'C:\vvasvyqfbfvk\cpqjlymgo.exe'
- 'C:\vvasvyqfbfvk\yvpseemizdgv4dvsw.exe'
- C:\vvasvyqfbfvk\cpqjlymgo.exe
- C:\vvasvyqfbfvk\krjabnjsqvzi.exe
- C:\vvasvyqfbfvk\v5kbogn8e4az
- %WINDIR%\vvasvyqfbfvk\ypzjvrlt3bvu
- C:\vvasvyqfbfvk\ypzjvrlt3bvu
- C:\vvasvyqfbfvk\yvpseemizdgv4dvsw.exe
- C:\vvasvyqfbfvk\krjabnjsqvzi.exe
- C:\vvasvyqfbfvk\cpqjlymgo.exe
- C:\vvasvyqfbfvk\yvpseemizdgv4dvsw.exe
- %WINDIR%\vvasvyqfbfvk\ypzjvrlt3bvu
- DNS ASK be####explain.net
- DNS ASK ga####instead.net
- DNS ASK ga####explain.net
- DNS ASK ga####bright.net
- DNS ASK be####bright.net
- DNS ASK be####instead.net
- DNS ASK tr###bright.net
- DNS ASK st####bright.net
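- DNS ASK dn#.##ftncsi.com (по-видимому, это стандартный домен проверки сетевого подключения Windows (NCSI), а не адрес, специфичный для данной программы; перед использованием в правилах блокировки это следует проверить)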
- DNS ASK tr###inside.net
- DNS ASK st####inside.net
- ClassName: 'Shell_TrayWnd' WindowName: ''