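Техническая информация
(Примечание: подзаголовки разделов в этой копии отчёта не сохранились. Судя по самим записям, списки ниже идут в таком порядке: исполняемые файлы в %TEMP%; командные строки запускаемых процессов; файлы в %TEMP%; сетевой адрес и порт; классы и заголовки окон. Часть путей из первого списка повторяется в третьем — по-видимому, это записи из разных разделов отчёта, а не дубликаты.)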
- %TEMP%\unlocked-explorer.exe
- %TEMP%\unlocked-osk.exe
- %TEMP%\unlocked-control.exe
- %TEMP%\poc.exe
- %TEMP%\ckz_MF73\spy.exe
- %TEMP%\unlocked-cmd.exe
- %TEMP%\uacpoc.exe
- %TEMP%\ikatrunner.exe
- %TEMP%\winspy.exe
- %TEMP%\gpdisable.exe
- %TEMP%\localexecutor.exe
- %WINDIR%\explorer.exe "::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}"
- %WINDIR%\pchealth\helpctr\binaries\HelpCtr.exe -FromHCP -url "hcp://a/"
- <SYSTEM32>\msswchx.exe SWCH
- <SYSTEM32>\cmd.exe /c ""%TEMP%\run.bat" "
- %TEMP%\poc.exe
- %TEMP%\gpdisable.exe
- %TEMP%\unlocked-cmd.exe
- %TEMP%\run.bat
- %TEMP%\MPC1.tmp
- %TEMP%\ckz_MF73\spy.exe
- %TEMP%\ckz_MF73\vdsrun50.dll
- %TEMP%\localexecutor.exe
- %TEMP%\unlocked-explorer.exe
- %TEMP%\unlocked-osk.exe
- %TEMP%\unlocked-control.exe
- %TEMP%\winspy.exe
- %TEMP%\files
- %TEMP%\ikatrunner.exe
- %TEMP%\uacpoc.exe
- 'localhost':1035
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'OutlookExpressHiddenWindow' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''