Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Location KtmRm Proxy Networking Detection Web' = '%APPDATA%\pmkznhkyvjil\pttvgdhk.exe'
- '%APPDATA%\pmkznhkyvjil\fdbmmcsy.exe' "%APPDATA%\pmkznhkyvjil\pttvgdhk.exe"
- '%APPDATA%\pmkznhkyvjil\pttvgdhk.exe'
- %APPDATA%\pmkznhkyvjil\pttvgdhk.ldlrm
- %APPDATA%\pmkznhkyvjil\fdbmmcsy.exe
- %APPDATA%\pmkznhkyvjil\pttvgdhk.exe
- %APPDATA%\pmkznhkyvjil\pttvgdhk.exe
- 'pi####ewritten.net':80
- http://pi####ewritten.net/index.php?em############################################
- DNS ASK pi####erealize.net
- DNS ASK ci#####terealize.net
- DNS ASK ch####enshore.net
- DNS ASK ci####ttedollar.net
- DNS ASK pi####ewritten.net
- DNS ASK ci#####tewritten.net
- DNS ASK pi####edollar.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''