Техническая информация
- '<SYSTEM32>\cacls.exe' "%APPDATA%\14305943\svchost.exe" /P "%USERNAME%:R"
- '<SYSTEM32>\cmd.exe' /c echo Y|CACLS "%APPDATA%\14305943" /P "%USERNAME%:R"
- '<SYSTEM32>\cacls.exe' "%APPDATA%\14305943" /P "%USERNAME%:R"
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="Quant" program="%APPDATA%\14305943\svchost.exe" dir=Out action=allow
- '<SYSTEM32>\cmd.exe' /c echo Y|CACLS "%APPDATA%\14305943\svchost.exe" /P "%USERNAME%:R"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo Y"
- %APPDATA%\14305943\bs.dll
- %APPDATA%\14305943\svchost.exe:Zone.Identifier
- %APPDATA%\14305943\sqlite3.dll
- %APPDATA%\14305943\svchost.exe
- %APPDATA%\14305943\zs.dll
- 'gr###.####ghts15.webfactional.com':80
- http://gr###.####ghts15.webfactional.com/q/lib/bs.dll
- http://gr###.####ghts15.webfactional.com/q/lib/sql.dll
- http://gr###.####ghts15.webfactional.com/q/lib/zs.dll
- DNS ASK gr###.####ghts15.webfactional.com
- ClassName: '' WindowName: '?OW??WW??<??'
- ClassName: '' WindowName: '—OWЂДWWЂЂ<Гц'
- ClassName: '' WindowName: '??'
- ClassName: '' WindowName: 'њю'