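Техническая информация
Примечание: в сетевых индикаторах ниже символы «#» заменяют часть имени узла и параметров запроса; полные значения на странице не приведены, поэтому для сопоставления с журналами DNS и прокси нужны точные значения из исходного отчёта.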
- Автозапуск при входе в систему (ключ реестра Run): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Receiver Quality Endpoint Spooler Socket' = 'C:\zoqqhgqmhyiixe\wazweljw.exe'
- Параметр службы 'Start' = 2 (автоматический запуск при загрузке системы): [<HKLM>\SYSTEM\ControlSet001\Services\SNMP Search System VC Server TPM Information] 'Start' = '00000002'
- 'C:\zoqqhgqmhyiixe\jrknmoikcpd.exe' "c:\zoqqhgqmhyiixe\wazweljw.exe"
- 'C:\zoqqhgqmhyiixe\wazweljw.exe'
- 'C:\zoqqhgqmhyiixe\rpz64ohzytrfvnuiik.exe'
- C:\zoqqhgqmhyiixe\wazweljw.exe
- C:\zoqqhgqmhyiixe\jrknmoikcpd.exe
- C:\zoqqhgqmhyiixe\cgk1yibzfr
- %WINDIR%\zoqqhgqmhyiixe\vmwkvhebca1
- C:\zoqqhgqmhyiixe\vmwkvhebca1
- C:\zoqqhgqmhyiixe\rpz64ohzytrfvnuiik.exe
- C:\zoqqhgqmhyiixe\jrknmoikcpd.exe
- C:\zoqqhgqmhyiixe\wazweljw.exe
- C:\zoqqhgqmhyiixe\rpz64ohzytrfvnuiik.exe
- %WINDIR%\zoqqhgqmhyiixe\vmwkvhebca1
- 'mo####gmaster.net':80
- 'ra####wonder.net':80
- 'ra####master.net':80
- 'ra####continue.net':80
- 'mo####gcontinue.net':80
- http://mo####gmaster.net/index.php?me########
- http://ra####wonder.net/index.php?me########
- http://ra####master.net/index.php?me########
- http://ra####continue.net/index.php?me########
- http://mo####gcontinue.net/index.php?me########
- DNS ASK ra####discover.net
- DNS ASK mo####gwonder.net
- DNS ASK st####econtinue.net
- DNS ASK mo####gdiscover.net
- DNS ASK ra####wonder.net
- DNS ASK mo####gcontinue.net
- DNS ASK ra####continue.net
- DNS ASK mo####gmaster.net
- DNS ASK ra####master.net
- ClassName: 'Shell_TrayWnd' WindowName: ''