Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Spooler Debugger iSCSI Remote Defragmenter' = 'C:\cyjmwjefupfvd\kageqdpk.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Isolation Virtual DCOM Fax PNRP] 'ImagePath' = 'C:\cyjmwjefupfvd\kageqdpk.exe'
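- [<HKLM>\SYSTEM\ControlSet001\Services\Isolation Virtual DCOM Fax PNRP] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы; вместе с ключом Run выше это второй механизм закрепления, при очистке проверять оба)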
- 'C:\cyjmwjefupfvd\vpaluwyjm.exe' "c:\cyjmwjefupfvd\kageqdpk.exe"
- 'C:\cyjmwjefupfvd\kageqdpk.exe'
- 'C:\cyjmwjefupfvd\yupsz2uxqviqsuhgdw9itr.exe'
- C:\cyjmwjefupfvd\kageqdpk.exe
- C:\cyjmwjefupfvd\vpaluwyjm.exe
- C:\cyjmwjefupfvd\zqsaotqiwwog
- %WINDIR%\cyjmwjefupfvd\y9hfvk
- C:\cyjmwjefupfvd\y9hfvk
- C:\cyjmwjefupfvd\yupsz2uxqviqsuhgdw9itr.exe
- C:\cyjmwjefupfvd\vpaluwyjm.exe
- C:\cyjmwjefupfvd\kageqdpk.exe
- C:\cyjmwjefupfvd\yupsz2uxqviqsuhgdw9itr.exe
- %WINDIR%\cyjmwjefupfvd\y9hfvk
- %WINDIR%\cyjmwjefupfvd\y9hfvk
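- 'bu####nggovern.net':80 (символы # в именах узлов здесь и ниже, по-видимому, скрывают часть имени; для поиска по журналам DNS/прокси и для блокировки нужны полные значения, в таком виде записи как индикаторы не сопоставляются)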
- 'ev####ggovern.net':80
- 'ev####genough.net':80
- 'ev####gneedle.net':80
- 'bu####ngenough.net':80
- http://bu####nggovern.net/index.php
- http://ev####ggovern.net/index.php
- http://ev####genough.net/index.php
- http://ev####gneedle.net/index.php
- http://bu####ngenough.net/index.php
- DNS ASK bu####nggovern.net
- DNS ASK ev####ggovern.net
- DNS ASK st###nature.net
- DNS ASK ev####gneedle.net
- DNS ASK bu####ngenough.net
- DNS ASK ev####genough.net
- ClassName: 'Shell_TrayWnd' WindowName: ''