Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Assistant Tablet Layer Update iSCSI' = 'C:\chchgtjudpphgu\tsvcajsob.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Transaction Software Layer Key] 'ImagePath' = 'C:\chchgtjudpphgu\tsvcajsob.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Transaction Software Layer Key] 'Start' = '00000002'
- 'C:\chchgtjudpphgu\ktqlvcp.exe' "c:\chchgtjudpphgu\tsvcajsob.exe"
- 'C:\chchgtjudpphgu\tsvcajsob.exe'
- 'C:\chchgtjudpphgu\gk2g4qhaasbsmz5lb.exe'
- C:\chchgtjudpphgu\tsvcajsob.exe
- C:\chchgtjudpphgu\ktqlvcp.exe
- C:\chchgtjudpphgu\bcbxjrtzcp
- %WINDIR%\chchgtjudpphgu\zndzhrue
- C:\chchgtjudpphgu\zndzhrue
- C:\chchgtjudpphgu\gk2g4qhaasbsmz5lb.exe
- C:\chchgtjudpphgu\ktqlvcp.exe
- C:\chchgtjudpphgu\tsvcajsob.exe
- C:\chchgtjudpphgu\gk2g4qhaasbsmz5lb.exe
- %WINDIR%\chchgtjudpphgu\zndzhrue
- %WINDIR%\chchgtjudpphgu\zndzhrue
- 'su###rwheat.net':80
- 'cr###wheat.net':80
- 'su###ranger.net':80
- 'kn###always.net':80
- 'be###forest.net':80
- 'kn###forest.net':80
- http://su###rwheat.net/index.php
- http://cr###wheat.net/index.php
- http://su###ranger.net/index.php
- http://kn###always.net/index.php
- http://be###forest.net/index.php
- http://kn###forest.net/index.php
- DNS ASK cr###wheat.net
- DNS ASK su###ranger.net
- DNS ASK cr###anger.net
- DNS ASK su###rwheat.net
- DNS ASK kn###always.net
- DNS ASK be###forest.net
- DNS ASK kn###forest.net
- ClassName: 'Shell_TrayWnd' WindowName: ''