Техническая информация
- %WINDIR%\win.ini
- nslookup.exe
- <LS_APPDATA>\nichrome\user data\default\web data
- <LS_APPDATA>\chromium\user data\default\web data
- %APPDATA%\opera software\opera stable\login data
- %APPDATA%\thunderbird\profiles.ini
- %TEMP%\fldr\yo.lm
- %TEMP%\nst2.tmp\system.dll
- %TEMP%\spectaculars.dll
- %TEMP%\baize
- %TEMP%\fldr\lshash.cpp
- %TEMP%\fldr\$p2psdk
- %TEMP%\fldr\70.opends60.dll
- %TEMP%\fldr\entserv5.gif
- %TEMP%\fldr\v2880.xml
- %TEMP%\fldr\aspnet-buildcustomreg-05.gif
- %TEMP%\fldr\dvvsdebugnativef.hxk
- %TEMP%\nslookup.exe
- %TEMP%\fldr\x-kexiproject-sqlite3.xml
- %TEMP%\fldr\wx.py
- %TEMP%\fldr\caspol.exe
- %TEMP%\fldr\textserviceselection.gif
- %TEMP%\fldr\classfieldsprivate.gif
- %TEMP%\fldr\conmanclient2.exe
- %TEMP%\fldr\vcompd.dll
- %TEMP%\fldr\mscorsecr.dll
- %TEMP%\fldr\dbgurtmnu.dll
- %TEMP%\fldr\librtmp1amd64.triggers
- %TEMP%\fldr\delayimp.h
- %TEMP%\fldr\servfilt.gif
- %APPDATA%\cea850\01dba1.lck
- %APPDATA%\cea850\01dba1.exe
- %APPDATA%\cea850\01dba1.lck
- %TEMP%\nslookup.exe в %APPDATA%\cea850\01dba1.exe
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-1229272821-842925246-1060284298-1003\f58155b4b1d5a524ca0261c3ee99fb50_5f9fe710-99e6-4c04-be62-a7f1b8b321d1
- DNS ASK sp####ckwears.ga
- '%TEMP%\nslookup.exe'