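Техническая информация (ниже: запись автозапуска в реестре, командные строки процессов, пути к файлам, сетевые адреса и класс окна)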
- Автозапуск (ключ Run в реестре текущего пользователя): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '84-2031112502-12-5-1-S\' = 'C:\84-2031112502-12-5-1-S\S-1-5-21-2052111302-48.exe'
- '%TEMP%\0.exe'
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\rsfqvixo.cmdline"
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 496
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe'
- '<SYSTEM32>\notepad.exe' 168 "C:\84-2031112502-12-5-1-S\S-1-5-21-2052111302-48.exe"
- <SYSTEM32>\notepad.exe
- %TEMP%\rsfqvixo.out
- %TEMP%\rsfqvixo.cmdline
- %TEMP%\2D150.dmp
- %TEMP%\dw.log
- %TEMP%\0.exe
- C:\84-2031112502-12-5-1-S\S-1-5-21-2052111302-48.exe
- %TEMP%\rsfqvixo.0.cs
- %TEMP%\eKSsnuIfqE.txt
- %TEMP%\rsfqvixo.cmdline
- %TEMP%\rsfqvixo.0.cs
- %TEMP%\rsfqvixo.out
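- 'localhost':1474 (формат: хост:порт)
- '86.##4.216.183':1474 (формат: хост:порт; символы ## в IP-адресе, по-видимому, скрывают часть октета в самом источнике, поэтому при поиске совпадений в журналах адрес сопоставляется по маске, а не как точное значение)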
- Окно: ClassName: 'Shell_TrayWnd' (класс окна панели задач Windows) WindowName: ''