Technical information
- [<HKLM>\System\CurrentControlSet\Services\Aqiyqi Arjar] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Aqiyqi Arjar] 'ImagePath' = '<SYSTEM32>\Aqiyq.exe -auto'
- 'Aqiyqi Arjar' <SYSTEM32>\Aqiyq.exe -auto
- %WINDIR%\syswow64\wbem\wmiprvse.exe
- %WINDIR%\syswow64\ctfmon.exe
- %WINDIR%\syswow64\aqiyq.exe
- %WINDIR%\syswow64\aqiyq.exe
- %ProgramFiles(x86)%\steam\bin\msimg32.dll
- nul
- '12#.#29.217.85':10000
- 'wh###.#conline.com.cn':80
- '12#.#29.217.85':3395
- http://wh###.#conline.com.cn/
- '12#.#29.217.85':10000
- '12#.#29.217.85':3395
- DNS ASK wh###.#conline.com.cn
- ClassName: 'UnrealWindow' WindowName: 'ВѕГёВµГÇóÉú '
- '%WINDIR%\syswow64\aqiyq.exe' -auto
- '%WINDIR%\syswow64\cmd.exe' /c ping -n 2 127.0.0.1 > nul && del %WINDIR%\SysWOW64\Wbem\WmiPrvSE.exe > nul (with a hidden window)
- '%WINDIR%\syswow64\wbem\wmiprvse.exe'
- '%WINDIR%\syswow64\taskmgr.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ping -n 2 127.0.0.1 > nul && del %WINDIR%\SysWOW64\Wbem\WmiPrvSE.exe > nul
- '%WINDIR%\syswow64\ping.exe' -n 2 127.0.0.1
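The `cmd.exe /c ping -n 2 127.0.0.1 > nul && del ... > nul` line in the listing is the classic delayed self-deletion idiom: `ping` against loopback is used as a sleep so that the dropper (here the file dropped as `%WINDIR%\syswow64\wbem\wmiprvse.exe`) has time to exit and release its file lock before `del` removes it. The detector below is an added example written for this page; it is not part of the original report or any vendor tooling. It parses that idiom out of a process command line and correlates the deletion target with the parent process image, so a `del` that targets the parent's own executable is reported as self-deletion. The Sysmon-style event records, the `DEFAULT_ENV` mapping used to expand `%WINDIR%`, and the field names `pid`/`ppid`/`image`/`cmdline` are constructed assumptions for the example.

```python
import re

# Matches the "ping-delay then del" idiom observed in the report:
#   cmd.exe /c ping -n 2 127.0.0.1 > nul && del <path> > nul
# Captures the ping count (the sleep in seconds, roughly) and the del target.
SELF_DELETE_RE = re.compile(
    r"ping(?:\.exe)?\s+-n\s+(?P<count>\d+)\s+(?:127\.0\.0\.1|localhost)\b[^&]*&&\s*"
    r"del\s+(?:/[a-zA-Z]\s+)*[\"']?(?P<target>[^\"'&|>]+?)[\"']?\s*(?:>|&|$)",
    re.IGNORECASE,
)

# Assumed environment for expanding %VAR% references in command lines.
DEFAULT_ENV = {"WINDIR": r"C:\Windows", "SYSTEMROOT": r"C:\Windows"}


def parse_self_delete(cmdline):
    """Return {'count': int, 'target': str} if cmdline uses the ping/del idiom, else None."""
    m = SELF_DELETE_RE.search(cmdline)
    if not m:
        return None
    return {"count": int(m.group("count")), "target": m.group("target").strip()}


def expand_env(path, env=DEFAULT_ENV):
    """Expand %VAR% tokens using the assumed environment; unknown tokens are left as-is."""
    return re.sub(r"%([A-Za-z_()0-9]+)%",
                  lambda m: env.get(m.group(1).upper(), m.group(0)), path)


def normalize(path, env=DEFAULT_ENV):
    # Windows paths are case-insensitive, so compare lower-cased expanded paths.
    return expand_env(path, env).lower()


def find_self_deletions(events, env=DEFAULT_ENV):
    """Scan process-creation events and flag delayed deletes.

    kind == 'self-deletion' when the del target is the parent process's own image,
    'delayed-delete' when the idiom is present but targets something else.
    """
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        hit = parse_self_delete(e["cmdline"])
        if hit is None:
            continue
        target = normalize(hit["target"], env)
        parent = by_pid.get(e["ppid"])
        kind = "delayed-delete"
        if parent is not None and normalize(parent["image"], env) == target:
            kind = "self-deletion"
        findings.append({"pid": e["pid"], "kind": kind,
                         "target": target, "delay": hit["count"]})
    return findings


# Constructed sample events (Sysmon EventID 1 style), not taken from a real host.
# pid 1001 is the dropped file under SysWOW64\wbem; pid 1002 is its cleanup command.
SAMPLE_EVENTS = [
    {"pid": 1001, "ppid": 600,
     "image": r"C:\Windows\SysWOW64\wbem\wmiprvse.exe",
     "cmdline": r"C:\Windows\SysWOW64\wbem\wmiprvse.exe"},
    {"pid": 1002, "ppid": 1001,
     "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r"C:\Windows\SysWOW64\cmd.exe /c ping -n 2 127.0.0.1 > nul "
                r"&& del %WINDIR%\SysWOW64\Wbem\WmiPrvSE.exe > nul"},
    {"pid": 1003, "ppid": 1002,
     "image": r"C:\Windows\SysWOW64\ping.exe",
     "cmdline": r"ping -n 2 127.0.0.1"},
    # Benign: ping to a remote host, no del chained.
    {"pid": 1004, "ppid": 700,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c ping -n 4 8.8.8.8"},
    # Benign: a plain delete without the loopback-ping delay.
    {"pid": 1005, "ppid": 700,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c del C:\Temp\old.log"},
]

if __name__ == "__main__":
    for f in find_self_deletions(SAMPLE_EVENTS):
        print(f"pid {f['pid']}: {f['kind']} of {f['target']} after ~{f['delay']}s")
```

On real telemetry the parent image comes from the ParentImage field, so the correlation needs no process tree beyond the two records; the `delayed-delete` result is still worth surfacing, since the same idiom is used to remove staging files that are not the parent itself.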