Technical information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'X4D2588LV44H10' = '%ALLUSERSPROFILE%\Network\17P111F411V4X\X4D2588LV44H10.exe'
- %ALLUSERSPROFILE%\network\17p111f411v4x\x4d2588lv44h10.exe
- %ALLUSERSPROFILE%\network\17p111f411v4x\nw_elf.dll
- %ALLUSERSPROFILE%\network\17p111f411v4x\x4d2588lv44h10.data
- %ALLUSERSPROFILE%\network\17p111f411v4x\qq310008614
- %TEMP%\u0922kx1\j13p3hlm2929juyz8585z5411h.data
- %TEMP%\u0922kx1\nw_elf.dll
- %TEMP%\u0922kx1\j13p3hlm2929juyz8585z5411h.exe
- %TEMP%\u0922kx1\qq310008614
- '8.##0.14.22':23197
- '8.##0.14.22':23171
- http://8.###.14.22:23197/5.0.0.0/client.dll via 8.##0.14.22
- ClassName: 'Progman' WindowName: 'Program Manager'
- ClassName: 'MSAA_DA_Class' WindowName: 'MSAA_DA_460'
- '%ALLUSERSPROFILE%\network\17p111f411v4x\x4d2588lv44h10.exe'
- '%TEMP%\u0922kx1\j13p3hlm2929juyz8585z5411h.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ver (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ver