Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\vqopmqc] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\services.exe' = '<SYSTEM32>\services.exe:*:Enabled:ENABLE'
- <SYSTEM32>\netsh.exe firewall set allowedprogram <SYSTEM32>\services.exe ENABLE
- <DRIVERS>\vqopmqc.sys
- %TEMP%\sys64AB.tmp
- %TEMP%\sys64AB.tmp
- 'd2##f0f.net':80
- d2##f0f.net/wp-login.php
- DNS ASK d2##f0f.net
- ClassName: '____AVP.Root' WindowName: ''