Техническая информация
- '%WINDIR%\winexec32.exe'
- '%WINDIR%\winexec32.exe' (загружен из сети Интернет)
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram %WINDIR%\winexec32.exe RPCCC
- '<SYSTEM32>\net1.exe' stop SharedAccess
- '<SYSTEM32>\net.exe' stop SharedAccess
- %WINDIR%\winexec32.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\queowned[1].exe
- 'www.k0###nr0x.com':80
- 'localhost':1036
- www.k0###nr0x.com/downloads/queowned.exe
- DNS ASK www.k0###nr0x.com