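Техническая информация
Примечание: в адресах ниже часть доменного имени и параметры запроса скрыты символами «#», поэтому эти строки пригодны только для сопоставления по шаблону, а не как точные индикаторы.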
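- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Defender Updater' = '%TEMP%\cc3a68ce1dad95ce662e1c51f1568e3a.exe / start'
- %APPDATA%\microsoft\windows\start menu\programs\startup\gn46.vbs
  (Оба пункта — точки автозапуска в профиле пользователя: параметр реестра Run и папка «Автозагрузка». Имя параметра выглядит как название системного компонента, а сам исполняемый файл находится в %TEMP%.)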
- %WINDIR%\syswow64\notepad.exe
- amex.exe
- %HOMEPATH%\desktop\dashborder_144.bmp
- %HOMEPATH%\desktop\dashborder_96.bmp
- %HOMEPATH%\desktop\applicantform_en.doc
- %HOMEPATH%\desktop\february_catalogue__2015.doc
- %HOMEPATH%\desktop\hanni_umami_chapter.doc
- %HOMEPATH%\desktop\nwfieldnotes1966.docx
- %APPDATA%\spgoh\amex.exe
- %APPDATA%\spgoh\amex.exe:zoneidentifier (альтернативный поток данных NTFS Zone.Identifier — метка зоны происхождения файла)
- %TEMP%\fb_b368.tmp.exe
- %TEMP%\fb_b5cb.tmp.exe
- %TEMP%\cc3a68ce1dad95ce662e1c51f1568e3a.exe
- %TEMP%\info.txt
- %TEMP%\2020-05-26-12-02-screenshot.png
- http://fl#####nsiyonotel.com/images/jaf3//gate.php?hw###################
- http://fl#####nsiyonotel.com/images/jaf3//logs.php?hw###################
- http://fl#####nsiyonotel.com/images/jaf3//screen.php?hw###################
- DNS ASK fl#####nsiyonotel.com
- '%APPDATA%\spgoh\amex.exe'
- '%TEMP%\fb_b368.tmp.exe'
- '%TEMP%\fb_b5cb.tmp.exe'
- '%WINDIR%\syswow64\notepad.exe'