Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Resource Drive Panel Acquisition' = 'C:\kctqzjeinxoe\nwyzsilcyyk.exe' (значение в ключе Run: файл запускается при каждом входе пользователя в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\Isolation Block WWAN] 'ImagePath' = 'C:\kctqzjeinxoe\nwyzsilcyyk.exe'
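- [<HKLM>\SYSTEM\ControlSet001\Services\Isolation Block WWAN] 'Start' = '00000002' (2 — автоматический запуск службы при загрузке системы; ImagePath этой службы указывает на тот же файл, что и значение в ключе Run, поэтому при очистке нужно удалять обе записи)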
- 'C:\kctqzjeinxoe\fbbmcro.exe' "c:\kctqzjeinxoe\nwyzsilcyyk.exe" (второй путь передан первому файлу как аргумент командной строки)
- 'C:\kctqzjeinxoe\nwyzsilcyyk.exe'
- 'C:\kctqzjeinxoe\mu54leezlovzgp657a.exe'
- C:\kctqzjeinxoe\nwyzsilcyyk.exe
- C:\kctqzjeinxoe\fbbmcro.exe
- C:\kctqzjeinxoe\mu54leezlovzgp657a.exe
- %WINDIR%\kctqzjeinxoe\gpsckwbuyol
- C:\kctqzjeinxoe\gpsckwbuyol
- C:\kctqzjeinxoe\fbbmcro.exe
- C:\kctqzjeinxoe\nwyzsilcyyk.exe
- C:\kctqzjeinxoe\mu54leezlovzgp657a.exe
- %WINDIR%\kctqzjeinxoe\gpsckwbuyol
- %WINDIR%\kctqzjeinxoe\gpsckwbuyol
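- 'la####roduce.net':80 («####» — по-видимому, маскировка части доменного имени в отчёте, поэтому точное сопоставление с журналами DNS и прокси по этой строке невозможно)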
- http://la####roduce.net/index.php
- DNS ASK mo####succeed.net
- DNS ASK si####between.net
- DNS ASK mo####between.net
- DNS ASK si####succeed.net
- DNS ASK la####roduce.net (единственный из запрошенных доменов, с которым в этом отчёте зафиксировано HTTP-соединение)
- DNS ASK se####student.net
- DNS ASK la####tudent.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)