Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'gPDQGcdXQJ' = '%APPDATA%\YiLaQCQbJt\QfHKCzHtXW.exe'
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- %APPDATA%\yilaqcqbjt\qfhkczhtxw.exe
- 'localhost':7707
- 'localhost':8808
- 'localhost':1234
- 'localhost':6606
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe'