Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Receiver Reporting iSCSI' = 'C:\mwcgbrcrt\oohlawi.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Search Installer Session ActiveX] 'ImagePath' = 'C:\mwcgbrcrt\oohlawi.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Search Installer Session ActiveX] 'Start' = '00000002'
- 'C:\mwcgbrcrt\mclzuyqxa.exe' "c:\mwcgbrcrt\oohlawi.exe"
- 'C:\mwcgbrcrt\oohlawi.exe'
- 'C:\mwcgbrcrt\mci57mreqnjxzunqqi.exe'
- C:\mwcgbrcrt\oohlawi.exe
- C:\mwcgbrcrt\mclzuyqxa.exe
- C:\mwcgbrcrt\ccacl7yen
- %WINDIR%\mwcgbrcrt\bnzpib
- C:\mwcgbrcrt\bnzpib
- C:\mwcgbrcrt\mci57mreqnjxzunqqi.exe
- C:\mwcgbrcrt\mclzuyqxa.exe
- C:\mwcgbrcrt\oohlawi.exe
- C:\mwcgbrcrt\mci57mreqnjxzunqqi.exe
- %WINDIR%\mwcgbrcrt\bnzpib
- %WINDIR%\mwcgbrcrt\bnzpib
- 'po####lefurther.net':80
- 'mo####incover.net':80
- 'mo####become.net':80
- 'mo####infurther.net':80
- http://po####lefurther.net/index.php
- http://mo####incover.net/index.php
- http://mo####become.net/index.php
- http://mo####infurther.net/index.php
- DNS ASK po####lefurther.net
- DNS ASK mo####incover.net
- DNS ASK po####lecover.net
- DNS ASK mo####infurther.net
- DNS ASK mo####become.net
- DNS ASK si####company.net
- DNS ASK mo####company.net
- ClassName: 'Shell_TrayWnd' WindowName: ''