Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'runAPI43' = '"%TEMP%\runAPI85.exe"'
- win83.exe
- [<HKCU>\Software\Google\Google Talk\Accounts]
- [<HKLM>\SOFTWARE\Wow6432Node\FlashFXP]
- [<HKLM>\Software\Wow6432Node\Ghisler\Total Commander]
- [<HKCU>\Software\Ghisler\Total Commander]
- %TEMP%\win83.exe
- %TEMP%\runapi85.exe
- %TEMP%\2d0213f595da30d1ec2090e396d93a4f.jpg
- %TEMP%\report_12-02-2020_13-23-20.bin
- %TEMP%\logi tbou\report_12-02-2020_13-23-20.bin
- %TEMP%\12-02-2020_13-23-20-file-paths.txt
- %TEMP%\logi tbou\12-02-2020_13-23-20-key3.db
- %TEMP%\logi tbou\12-02-2020_13-23-20-key3_1.db
- %TEMP%\report_12-02-2020_13-23-20.bin
- %TEMP%\12-02-2020_13-23-20-file-paths.txt
- %TEMP%\win83.exe
- 'smtp.yandex.ru':25
- DNS ASK smtp.yandex.ru
- '%TEMP%\win83.exe'
- '%WINDIR%\syswow64\cmd.exe' /c del "%TEMP%\win83.exe" >> NUL (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c del "%TEMP%\win83.exe" >> NUL