Техническая информация
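- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{T1PSY51R-YCEK-OCO5-Z7A-YW92S1QDCGW}' = '"%APPDATA%\amd64_ws3cap.inf_31bf3856ad364e35_6.1.7601.17514_none_f4edf2835af3f471\UserAccountCon... (значение обрезано в источнике; судя по пути, вероятно, указывает на UserAccountControlSettings.exe из того же каталога, перечисленный ниже)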
- %APPDATA%\TC.exe
- %APPDATA%\1.png
- %APPDATA%\2.exe
- %APPDATA%\loader.exe
- %TEMP%\nsg3.tmp
- %TEMP%\nsb4.tmp\System.dll
- %APPDATA%\1337\MINER.exe
- %APPDATA%\1337\svhost.exe
- %APPDATA%\amd64_ws3cap.inf_31bf3856ad364e35_6.1.7601.17514_none_f4edf2835af3f471\UserAccountControlSettings.exe
- %TEMP%\nsb4.tmp\System.dll
- %APPDATA%\TC.exe
- из %APPDATA%\1337\MINER.exe в %APPDATA%\amd64_ws3cap.inf_31bf3856ad364e35_6.1.7601.17514_none_f4edf2835af3f471\UserAccountControlSettings.exe
- 'ip###ger.org':443
- DNS ASK google-public-dns-a.google.com
- DNS ASK ip###ger.org
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- '%APPDATA%\TC.exe' -s -p951753
- '%APPDATA%\loader.exe'
- '%APPDATA%\2.exe'
- '%APPDATA%\1337\MINER.exe'
- '%APPDATA%\1337\svhost.exe'
- '%APPDATA%\amd64_ws3cap.inf_31bf3856ad364e35_6.1.7601.17514_none_f4edf2835af3f471\UserAccountControlSettings.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %APPDATA%\1.png