Техническая информация
- '%TEMP%\svchost06.exe' 123456789 %TEMP%\pgbgree.exe
- '%TEMP%\DNFТеХЅ0615A.exe'
- '%TEMP%\svchost06.exe'
- '<SYSTEM32>\net.exe' stop sharedaccess
- '<SYSTEM32>\net1.exe' stop sharedaccess
- '<SYSTEM32>\net.exe' stop alg /y
- '<SYSTEM32>\net1.exe' stop alg /y
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\5a8ff7a6ad7e38ec83dcaa35f9967198_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\d6f840125dc4ddac70cb827cbd6d13db_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %TEMP%\svchost06.exe
- %TEMP%\DNFТеХЅ0615A.exe
- '12#.#25.114.144':80
- 'us##.#zone.qq.com':80
- 'localhost':1037
- '11#.#7.251.199':8082
- us##.#zone.qq.com/453198928/blog/1344939460
- 12#.#25.114.144/
- DNS ASK us##.#zone.qq.com
- DNS ASK www.ba##u.com
- ClassName: 'Shell_TrayWnd' WindowName: ''