Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Studio DHCP Redirector Connect Font' = 'C:\svgcjjxdor\qxxosny.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Storage Process Connections Block Base] 'ImagePath' = 'C:\svgcjjxdor\qxxosny.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Storage Process Connections Block Base] 'Start' = '00000002'
- 'C:\svgcjjxdor\hbhgang.exe' "c:\svgcjjxdor\qxxosny.exe"
- 'C:\svgcjjxdor\qxxosny.exe'
- 'C:\svgcjjxdor\nps3n0kc0kncibeh3sf.exe'
- C:\svgcjjxdor\qxxosny.exe
- C:\svgcjjxdor\hbhgang.exe
- C:\svgcjjxdor\be1oprsao
- %WINDIR%\svgcjjxdor\qafok7nl
- C:\svgcjjxdor\qafok7nl
- C:\svgcjjxdor\nps3n0kc0kncibeh3sf.exe
- C:\svgcjjxdor\hbhgang.exe
- C:\svgcjjxdor\qxxosny.exe
- C:\svgcjjxdor\nps3n0kc0kncibeh3sf.exe
- %WINDIR%\svgcjjxdor\qafok7nl
- %WINDIR%\svgcjjxdor\qafok7nl
- 'fr####ountry.net':80
- 'ex#####ncecountry.net':80
- 'ex####encepower.net':80
- 'ex#####ncefamous.net':80
- 'fr###power.net':80
- http://fr####ountry.net/index.php
- http://ex#####ncecountry.net/index.php
- http://ex####encepower.net/index.php
- http://ex#####ncefamous.net/index.php
- http://fr###power.net/index.php
- DNS ASK fr####ountry.net
- DNS ASK ex#####ncecountry.net
- DNS ASK ge#####ancentury.net
- DNS ASK ex#####ncefamous.net
- DNS ASK fr###power.net
- DNS ASK ex####encepower.net
- ClassName: 'Shell_TrayWnd' WindowName: ''