Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'BQE Start' = '%ALLUSERSPROFILE%\Application Data\JGSFQA\BQE.exe'
- Hook handler library for all processes: %ALLUSERSPROFILE%\Application Data\JGSFQA\BQE.01
- %ALLUSERSPROFILE%\Application Data\JGSFQA\BQE.02
- %HOMEPATH%\Desktop\10373851_879116882104112_1005269裎
- %ALLUSERSPROFILE%\Application Data\JJH\BQE.004
- %ALLUSERSPROFILE%\Application Data\JGSFQA\BQE.01
- <LS_APPDATA>\Spoon\Sandbox\Dar us slam \2.0.0.5.0\xsandbox.bin.__tmp__
- %ALLUSERSPROFILE%\Application Data\JGSFQA\BQE.exe
- %ALLUSERSPROFILE%\Application Data\JGSFQA\BQE.00
- <LS_APPDATA>\Spoon\Sandbox\Dar us slam \2.0.0.5.0\xsandbox.bin.__tmp__ to <LS_APPDATA>\Spoon\Sandbox\Dar us slam \2.0.0.5.0\xsandbox.bin
- 'st###.spoon.net':443
- DNS ASK st###.spoon.net
- ClassName: '(null)' WindowName: 'AKLMW'