Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'qSILlzCwXB ' = '"%APPDATA%\qSILlzCwXB\qSILlzCwXB.exe"'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe' /qSILlzCwXB /%APPDATA%\qSILlzCwXB\qSILlzCwXB.exe
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- %APPDATA%\qSILlzCwXB\qSILlzCwXB.xml
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\.Identifier
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\.Identifier
- %APPDATA%\qSILlzCwXB\qSILlzCwXB.xml перемещается в %APPDATA%\qSILlzCwXB\qSILlzCwXB.exe (тот же путь прописан в ключе автозапуска Run выше)
- 'ne#####k5.serveblog.net':1618
- 'so#####e4check.mooo.com':1618
- DNS-запрос (DNS ASK): ne#####k5.serveblog.net
- DNS-запрос (DNS ASK): so#####e4check.mooo.com
- ClassName: 'Indicator' WindowName: ''