Техническая информация
- Запись автозапуска в ключе Run текущего пользователя (данные значения в источнике обрезаны): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] ' df88f8ff2087 df88f8ff2087 ~df88f8ff2087' = '"%PROGRAMDATA%\df88f8ff2087 df88f8ff2087 ~df88f8ff2087\ df88f8ff2087 df88f8ff2087 ~df88f8ff2...
- %PROGRAMDATA%\df88f8ff2087 df88f8ff2087 ~df88f8ff2087\bit457c.tmp
- %ProgramFiles%\df88f8~1\libeay32.dll
- %ProgramFiles%\df88f8~1\ssleay32.dll
- %ProgramFiles%\df88f8~1\dbghelp.dll
- %ProgramFiles%\df88f8~1\dump.dmp
- %ProgramFiles%\df88f8~1\dump2.dmp
- %ProgramFiles%\df88f8~1\borlndmm.dll
- %PROGRAMDATA%\df88f8ff2087 df88f8ff2087 ~df88f8ff2087\bit457c.tmp
- %PROGRAMDATA%\df88f8ff2087 df88f8ff2087 ~df88f8ff2087\ df88f8ff2087 df88f8ff2087 ~df88f8ff2087.zip
- %PROGRAMDATA%\df88f8ff2087 df88f8ff2087 ~df88f8ff2087\bit457c.tmp в %PROGRAMDATA%\df88f8ff2087 df88f8ff2087 ~df88f8ff2087\ df88f8ff2087 df88f8ff2087 ~df88f8ff2087.zip (судя по формату записи, файл перемещён или переименован: слева исходный путь, справа конечный)
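- Подключения к узлам, порт 443 (часть символов в именах узлов скрыта знаками #):
- 'bh######.#3-eu-west-1.amazonaws.com':443
- 'lo####zaip.com.br':443
- DNS-запросы (в источнике обозначены как DNS ASK):
- DNS ASK bh######.#3-eu-west-1.amazonaws.com
- DNS ASK lo####zaip.com.br
- DNS ASK go##e.com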
- ClassName: '' WindowName: ''
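- Запуски cmd.exe: каждая команда выводит по одному символу из переменной окружения charpool (синтаксис %имя:~смещение,длина%); значение самой переменной на странице не приведено. Серия таких однотипных коротких вызовов может служить признаком для обнаружения:
- '<SYSTEM32>\cmd.exe' /c echo %charpool:~13,1%
- '<SYSTEM32>\cmd.exe' /c echo %charpool:~15,1%
- '<SYSTEM32>\cmd.exe' /c echo %charpool:~8,1%
- '<SYSTEM32>\cmd.exe' /c echo %charpool:~2,1%
- '<SYSTEM32>\cmd.exe' /c echo %charpool:~0,1%
- '<SYSTEM32>\cmd.exe' /c echo %charpool:~7,1%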
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe'