Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Intelligent List Wired Scheduler' = 'C:\arywicejusteaso\krichcva.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Class Connections Storage] 'Start' = '00000002'
- 'C:\arywicejusteaso\euxigxsu.exe' "c:\arywicejusteaso\krichcva.exe"
- 'C:\arywicejusteaso\krichcva.exe'
- 'C:\arywicejusteaso\exsv53x3mlizuucgz.exe'
- C:\arywicejusteaso\krichcva.exe
- C:\arywicejusteaso\euxigxsu.exe
- C:\arywicejusteaso\exsv53x3mlizuucgz.exe
- %WINDIR%\arywicejusteaso\rewbp3k3
- C:\arywicejusteaso\rewbp3k3
- C:\arywicejusteaso\euxigxsu.exe
- C:\arywicejusteaso\krichcva.exe
- C:\arywicejusteaso\exsv53x3mlizuucgz.exe
- %WINDIR%\arywicejusteaso\rewbp3k3
- 'st####ithout.net':80
- http://st####ithout.net/index.php
- DNS ASK st####robable.net
- DNS ASK mi####robable.net
- DNS ASK do###rwagon.net
- DNS ASK mi####itchen.net
- DNS ASK st####ithout.net
- DNS ASK mi####ithout.net
- DNS ASK st####itchen.net
- ClassName: 'Shell_TrayWnd' WindowName: ''