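Technical Information
The entries below appear without section headings; by form they are a registry autorun value, file paths, network endpoints (host:port) and window class names.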
- Per-user RunOnce autorun value (Windows runs the referenced file at that user's next logon): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '{D9033079-2B85-6FD1-F761-C1CBA6419D5A}' = '%TEMP%\dctgizgh.exe'
- '%TEMP%\dctgizgh.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ASu%2be0kNC6nJm4HempLfTf4y5EE4Z5eBiczZiLlPIm1%2fZJbPfqJrFmbE43qudLxlaXlxLv3hossYt8j0StcYusUJ7Cc2RtbsDeNqOzZE%2fwLqXYfBgPJTVmeBEpk%2fYsZUla751z3wm6ewRHrHRM[1]
- %TEMP%\data.dat
- %TEMP%\dctgizgh.exe
- %TEMP%\setup.dat
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- '21#.#24.126.66':80 (the '#' characters are as published; the full address is not given here)
- 'localhost':1036
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: '{2170A1E1-2017-423C-8E69-F068C6EE2F59}' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'