Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'bios' = '"%HOMEPATH%\bios.exe"'
- %HOMEPATH%\bios.exe
- %TEMP%\8afdd1075f\log.txt
- %TEMP%\8afdd1075f\screenshot.jpeg
- %TEMP%\8afdd1075f\telegram desktop\tdata\90ef50e22e92cb8c0
- %TEMP%\8afdd1075f\telegram desktop\tdata\d877f783d5d3ef8c1
- %TEMP%\8afdd1075f\telegram desktop\tdata\prefix
- %TEMP%\8afdd1075f\telegram desktop\tdata\settings0
- %TEMP%\8afdd1075f\telegram desktop\tdata\shortcuts-custom.json
- %TEMP%\8afdd1075f\telegram desktop\tdata\shortcuts-default.json
- %TEMP%\8afdd1075f\telegram desktop\tdata\usertag
- %TEMP%\8afdd1075f\telegram desktop\tdata\d877f783d5d3ef8c\map0
- %TEMP%\8afdd1075f\dotnetzip-4qr2qfxk.tmp
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- из %TEMP%\8afdd1075f\dotnetzip-4qr2qfxk.tmp в %TEMP%\8afdd1075f\user_united states_8afdd1075f_05-11-2020 12.51.31.zip
- 'ra####hankiran.com':443
- 'sm##.##ivateemail.com':587
- DNS ASK ra####hankiran.com
- DNS ASK sm##.##ivateemail.com