Техническая информация
- [<HKCU>\Software\Microsoft\Internet Explorer\Extensions\{44C7DD15-3CE6-43b8-81BB-08CD7921EB40}] 'ClsidExtension' = '{189F7938-7DB4-4b39-B65E-098907E78B88}'
- %APPDATA%\SetupHlpr.exe "/log:http://ex###ping.com/barconK/App/logSave.php?ty##############################################################
- %PROGRAM_FILES%\StartMenuSet.exe -PIN %PROGRAM_FILES% ГЦЅЕїµИ №«·бґЩїо.exe
- <SYSTEM32>\regsvr32.exe "<SYSTEM32>\Qbarcon.dll" /s
- <SYSTEM32>\Qdown.ico
- <SYSTEM32>\Qbarcon.dll
- <SYSTEM32>\SetupHlpr.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\logSave[1].php
- <SYSTEM32>\UninstallQbarcon.exe
- %PROGRAM_FILES%\StartMenuSet.exe
- %APPDATA%\Qdown.ico
- %APPDATA%\SetupHlpr.exe
- %APPDATA%\ГЦЅЕїµИ №«·бґЩїо.url
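- %PROGRAM_FILES%\ГЦЅЕїµИ №«·бґЩїо.exe (имя отображено в неверной кодировке: по-видимому, это корейское имя в EUC-KR/CP949, показанное как Windows-1251; предположительная реконструкция — «최신영화 무료다운.exe», требует проверки. То же имя встречается в записях .url, .lnk и в командной строке StartMenuSet.exe; при поиске по имени файла стоит учитывать оба варианта написания.)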
- %HOMEPATH%\Desktop\ГЦЅЕїµИ №«·бґЩїо.lnk
- 'ex###ping.com':80
- 'localhost':1036
- ex###ping.com/barconK/App/logSave.php?ty#############################################################
- DNS ASK ex###ping.com