Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'qservices' = '%WINDIR%\qservice.exe'
- '%WINDIR%\qservice.exe' /start
- '%TEMP%\Server.exe'
- '%WINDIR%\Cicilia.exe'
- Handler library for all processes: %WINDIR%\kurlmon.dll
- %WINDIR%\kurlmon.dll
- %WINDIR%\services.dll
- <DRIVERS>\KeenSense.sys
- <SYSTEM32>\HookApi.dll
- <DRIVERS>\ksdevice.sys
- <SYSTEM32>\aplib.dll
- %WINDIR%\Cicilia.exe
- %TEMP%\tmp.exe
- %WINDIR%\qservice.exe
- %TEMP%\Server.exe
- %WINDIR%\services.dll
- %WINDIR%\qservice.exe
- %TEMP%\tmp.exe
- 'an###a.edu.tr':53
- '21#.#01.97.7':53
- '15#.164.1.8':53
- 'www.ao#.com':80
- '<IP address on the local network>':53
- '15#.#64.23.201':53
- DNS ASK eg#.edu.tr
- DNS ASK an###a.edu.tr
- DNS ASK www.ao#.com
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'