Техническая информация
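Для обеспечения автозапуска модифицирует ключ реестра (имя параметра «EXPL0RER» записано с нулём вместо буквы «O» и, по-видимому, имитирует Explorer):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '[EXPL0RER]' = '%WINDIR%\V3liek\QVMLIKE.exe'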
Запускает на исполнение:
- '%WINDIR%\V3liek\QVMLIKEss.exe'
- '%WINDIR%\V3liek\QVMLIKEss.exe' (загружен из сети Интернет)
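Запускает системные утилиты и сценарии (в том числе для отключения защиты):
- '<SYSTEM32>\net1.exe' stop sharedaccess (остановка службы SharedAccess — брандмауэр Windows / общий доступ к подключению Интернета)
- '<SYSTEM32>\netsh.exe' firewall set opmode disable (отключение брандмауэра Windows)
- '<SYSTEM32>\net.exe' stop sharedaccess (остановка службы SharedAccess)
- '<SYSTEM32>\wscript.exe' "%WINDIR%\V3like.vbs"
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\Fobeka.bat" "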
Файлы, связанные с угрозой:
- %WINDIR%\V3liek\QVMLIKE.exe
- %WINDIR%\V3liek\QVMLIKEss.exe
- %WINDIR%\V3like.vbs
- %WINDIR%\Fobeka.bat
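Сетевая активность — подключения (адрес:порт; часть адреса скрыта в источнике символами ##, поэтому для блокировки или поиска по журналам эти значения нужно уточнить):
- '23.##.246.248':80
- '23.##.246.246':80
Запрашиваемые URL (исполняемые файлы):
- 23.##.246.248/yk.exe
- 23.##.246.246/kbs.exe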