Техническая информация
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- <Текущая директория>\ᬀ粀
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\qsvsxcneas[1]
- Перемещает файл: из <Полный путь к вирусу> в %TEMP%\Knqelmm0.exe
Сетевая активность. Подключается к (символы # в имени домена — маска, часть адреса скрыта):
- 'qs###cneas.at':80
- 'localhost':1036
- HTTP-запрос: qs###cneas.at/?13#######
- DNS ASK qs###cneas.at
Ищет следующие окна:
- ClassName: '(null)' WindowName: 'iKVGq'
- ClassName: '(null)' WindowName: 'Xzx'
- ClassName: '(null)' WindowName: 'zs'
- ClassName: '(null)' WindowName: 'Gq oEt'
- ClassName: '(null)' WindowName: 'SavpyxueEwjj'
- ClassName: '(null)' WindowName: 'csXGdfRKfds'
- ClassName: '(null)' WindowName: ' vrsKna'
- ClassName: '(null)' WindowName: ' xs TX bfazT'
- ClassName: '(null)' WindowName: 'orPwnjWpA'
- ClassName: '(null)' WindowName: 'j EKN R qdVxq'
- ClassName: '(null)' WindowName: 'dFwFK w chy'
- ClassName: '(null)' WindowName: 'urNVRy edekj'
- ClassName: '(null)' WindowName: 'qcfyYihymH oojXd'
- ClassName: '(null)' WindowName: 'jm guzBQDIu'
- ClassName: '(null)' WindowName: 'dyilwAla jq'
- ClassName: '(null)' WindowName: 'dqgmfHygSGk'
- ClassName: '(null)' WindowName: 'y ra Fi nKxW'
- ClassName: '(null)' WindowName: 'sMcfcJnf'
- ClassName: '(null)' WindowName: ' SDKcy'
- ClassName: '(null)' WindowName: 'AlkcfC RA'
- ClassName: '(null)' WindowName: 'rHwijmt'
- ClassName: '(null)' WindowName: 'gPAlSr'
- ClassName: '(null)' WindowName: 'abCCRlky'