Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Interface Plug Panel Web Drive' = 'C:\otncujwngejgzhs\bfykogkjmn.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Client Group Transaction] 'ImagePath' = 'C:\otncujwngejgzhs\bfykogkjmn.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Client Group Transaction] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- 'C:\otncujwngejgzhs\tfpybclh.exe' "c:\otncujwngejgzhs\bfykogkjmn.exe"
- 'C:\otncujwngejgzhs\bfykogkjmn.exe'
- 'C:\otncujwngejgzhs\bfcnc2x24xeeoxthdh.exe'
- C:\otncujwngejgzhs\bfykogkjmn.exe
- C:\otncujwngejgzhs\tfpybclh.exe
- C:\otncujwngejgzhs\nre3zntsc
- %WINDIR%\otncujwngejgzhs\lpgevci
- C:\otncujwngejgzhs\lpgevci
- C:\otncujwngejgzhs\bfcnc2x24xeeoxthdh.exe
- C:\otncujwngejgzhs\tfpybclh.exe
- C:\otncujwngejgzhs\bfykogkjmn.exe
- C:\otncujwngejgzhs\bfcnc2x24xeeoxthdh.exe
- %WINDIR%\otncujwngejgzhs\lpgevci
- %WINDIR%\otncujwngejgzhs\lpgevci
- 'ch###famous.net':80
- 'th###famous.net':80
- 'th####entury.net':80
- 'be####country.net':80
- 'ch####entury.net':80
- http://ch###famous.net/index.php
- http://th###famous.net/index.php
- http://th####entury.net/index.php
- http://be####country.net/index.php
- http://ch####entury.net/index.php
- DNS ASK ch###famous.net
- DNS ASK th###famous.net
- DNS ASK ch###power.net
- DNS ASK be####country.net
- DNS ASK ch####entury.net
- DNS ASK th####entury.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (класс окна панели задач Windows)