Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Corporation QbHXQaGXKgHaaKZh' = '%APPDATA%\QbHXQaGXKgHaaKZh.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe'
- '%APPDATA%\adc.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- %APPDATA%\QbHXQaGXKgHaaKZh.exe:Zone.Identifier
- C:\ff0d90228beb5860b38cefdafa363523d98969e2
- %APPDATA%\QbHXQaGXKgHaaKZh.exe
- %APPDATA%\adc.exe
- %APPDATA%\adc.exe:Zone.Identifier
- C:\ff0d90228beb5860b38cefdafa363523d98969e2
- %APPDATA%\adc.exe
- %APPDATA%\QbHXQaGXKgHaaKZh.exe
- 'he#####erg777.ddns.net':54396
- DNS ASK he#####erg777.ddns.net
- ClassName: 'Indicator' WindowName: ''