Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'IP Studio Intelligent Procedure Identity' = 'C:\vtkgrge\gmzcxwniw.exe' (ключ Run в HKLM: файл запускается при входе в систему любого пользователя)
- [<HKLM>\SYSTEM\ControlSet001\Services\Window Server Redirector Publication Virtual] 'ImagePath' = 'C:\vtkgrge\gmzcxwniw.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Window Server Redirector Publication Virtual] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- 'C:\vtkgrge\yrnhovud.exe' "c:\vtkgrge\gmzcxwniw.exe"
- 'C:\vtkgrge\gmzcxwniw.exe'
- 'C:\vtkgrge\dqyal2okkqfs3zu3oevda.exe'
- C:\vtkgrge\gmzcxwniw.exe
- C:\vtkgrge\yrnhovud.exe
- C:\vtkgrge\hkeoqjxm
- %WINDIR%\vtkgrge\gpwr7w
- C:\vtkgrge\gpwr7w
- C:\vtkgrge\dqyal2okkqfs3zu3oevda.exe
- C:\vtkgrge\yrnhovud.exe
- C:\vtkgrge\gmzcxwniw.exe
- C:\vtkgrge\dqyal2okkqfs3zu3oevda.exe
- %WINDIR%\vtkgrge\gpwr7w
- %WINDIR%\vtkgrge\gpwr7w
- 'pr####complete.net':80
- 'fe####welcome.net':80
- 'do####complete.net':80
- 'do###rproud.net':80
- 'pr###yproud.net':80
- http://pr####complete.net/index.php
- http://fe####welcome.net/index.php
- http://do####complete.net/index.php
- http://do###rproud.net/index.php
- http://pr###yproud.net/index.php
- DNS ASK pr####complete.net
- DNS ASK fe####welcome.net
- DNS ASK do####welcome.net
- DNS ASK do###rproud.net
- DNS ASK pr###yproud.net
- DNS ASK do####complete.net
- ClassName: 'Shell_TrayWnd' WindowName: ''