Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'XML3264' = '%TEMP%\0hjFmt9T7X\XmlService.exe'
- '%TEMP%\nss3.tmp\ns4.tmp' "%TEMP%\Ext\lgpo.exe" /t "%TEMP%\Ext\pol.txt"
- '%TEMP%\0hjFmt9T7X\XmlService.exe'
- %TEMP%\Ext\id.txt
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\strapi[1]
- %TEMP%\nss3.tmp\ns4.tmp
- %TEMP%\nss3.tmp\nsExec.dll
- %TEMP%\nss3.tmp\inetc.dll
- %TEMP%\Ext\LGPO.exe
- %TEMP%\0hjFmt9T7X\XmlService.exe
- %TEMP%\nss3.tmp\nsJSON.dll
- %TEMP%\Ext\pol.txt
- %TEMP%\nss3.tmp\ns4.tmp
- 'qr####os-mark2.club':80
- http://qr####os-mark2.club/api/strapi?12#
- DNS ASK qr####os-mark2.club
- ClassName: 'Chrome_WidgetWin_1' WindowName: ''