Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\Netlogon Collector Framework] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- 'C:\osmnafxaqplbw\ywreoezeu.exe' "c:\osmnafxaqplbw\khcuxthym.exe"
- 'C:\osmnafxaqplbw\khcuxthym.exe'
- 'C:\osmnafxaqplbw\pwyv18124cqmopwstbev.exe'
- C:\osmnafxaqplbw\khcuxthym.exe
- C:\osmnafxaqplbw\ywreoezeu.exe
- C:\osmnafxaqplbw\ebfnupo
- %WINDIR%\osmnafxaqplbw\gsljklusr
- C:\osmnafxaqplbw\gsljklusr
- C:\osmnafxaqplbw\pwyv18124cqmopwstbev.exe
- C:\osmnafxaqplbw\ywreoezeu.exe
- C:\osmnafxaqplbw\khcuxthym.exe
- C:\osmnafxaqplbw\pwyv18124cqmopwstbev.exe
- %WINDIR%\osmnafxaqplbw\gsljklusr
- DNS ASK re####edevice.net
- DNS ASK or###device.net
- DNS ASK or###before.net
- DNS ASK le####settle.net
- DNS ASK re####ebefore.net
- DNS ASK re####elanguage.net
- DNS ASK or###settle.net
- DNS ASK ne####arybefore.net
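- DNS ASK dn#.##ftncsi.com (по маске похоже на dns.msftncsi.com — служебный домен проверки сетевого подключения Windows (NCSI); вероятно, не является индикатором заражения)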
- DNS ASK or####anguage.net
- DNS ASK re####esettle.net
- ClassName: 'Shell_TrayWnd' WindowName: ''