Техническая информация
- <SYSTEM32>\tasks\nvngxupdatecheckdaily_{78821544-1544-1544-1544-788215441544}
- %WINDIR%\microsoft.net\framework\v4.0.30319\addinprocess32.exe
- %LOCALAPPDATA%\google\chrome\user data\default\login data
- %LOCALAPPDATA%\google\chrome\user data\default\web data
- %LOCALAPPDATA%\google\chrome\user data\default\cookies
- %APPDATA%\opera software\opera stable\login data
- %TEMP%\4dd3.tmp
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-utility-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-time-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-string-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-stdio-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-runtime-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-process-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-private-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-multibyte-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-file-l2-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-file-l1-2-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-heap-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-filesystem-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-environment-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-convert-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-conio-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-util-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-timezone-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-sysinfo-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-math-l1-1-0.dll
- %TEMP%\tmpa339.tmp
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-handle-l1-1-0.dll
- %TEMP%\tmpa337.tmp
- %TEMP%\tmpa326.tmp
- %TEMP%\tmpa325.tmp
- %TEMP%\tmpa324.tmp
- %TEMP%\tmpa314.tmp
- %TEMP%\tmpa303.tmp
- %TEMP%\tmpa2f3.tmp
- nul
- %LOCALAPPDATA%low\of5sshnjx8e.zip
- %LOCALAPPDATA%low\bbkqblnhz-shm
- %LOCALAPPDATA%low\bbkqblnhz
- %LOCALAPPDATA%low\4fjugx4yz-shm
- %LOCALAPPDATA%low\4fjugx4yz
- %LOCALAPPDATA%low\ikl3xz54l-shm
- %LOCALAPPDATA%low\ikl3xz54l
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-memory-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-localization-l1-2-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-libraryloader-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-interlocked-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-synch-l1-2-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-locale-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-heap-l1-1-0.dll
- %TEMP%\tmpa338.tmp
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-rtlsupport-l1-1-0.dll
- %LOCALAPPDATA%low\vmluvghmh
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\softokn3.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\qipcap.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\prldap60.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\nssdbm3.dll
- %LOCALAPPDATA%low\cclu1a5hpwb.zip
- %LOCALAPPDATA%low\machineinfo.txt
- %LOCALAPPDATA%low\vmluvghmh-shm
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\accessiblemarshal.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\vcruntime140.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\accessiblehandler.dll
- %LOCALAPPDATA%low\firefox_urls.txt
- %LOCALAPPDATA%low\j8lnsbhis-shm
- %LOCALAPPDATA%low\j8lnsbhis
- %LOCALAPPDATA%low\fraqbc8ws-shm
- %LOCALAPPDATA%low\fraqbc8ws
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-memory-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-localization-l1-2-0.dll
- %LOCALAPPDATA%low\htyi8y5k7
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\breakpadinjector.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-profile-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-string-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\ucrtbase.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-processthreads-l1-1-1.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-processthreads-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-processenvironment-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-namedpipe-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\nssckbi.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\nss3.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\msvcp140.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\mozmapi32_inuse.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\mozmapi32.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\mozglue.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\mapiproxy_inuse.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\mapiproxy.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\libegl.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\lgpllibs.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\ldif60.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\ldap60.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\ia2marshal.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\freebl3.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-synch-l1-1-0.dll
- %TEMP%\tmp69c2.tmp
- %TEMP%\tmpa34a.tmp
- %TEMP%\tmpa4e2.tmp
- %TEMP%\tmpa4e1.tmp
- %TEMP%\tmpa4e0.tmp
- %TEMP%\tmpa4cf.tmp
- %TEMP%\tmpa4ce.tmp
- %TEMP%\tmpa4cd.tmp
- %TEMP%\tmpa4cc.tmp
- %TEMP%\tmpa4bc.tmp
- %TEMP%\tmpa4e3.tmp
- %TEMP%\tmpa4f4.tmp
- %TEMP%\tmpa4bb.tmp
- %TEMP%\tmpa4a8.tmp
- %TEMP%\tmpa4a7.tmp
- %TEMP%\tmpa4a6.tmp
- %TEMP%\tmpa495.tmp
- %TEMP%\tmpa494.tmp
- %TEMP%\tmpa493.tmp
- %TEMP%\tmpa483.tmp
- %TEMP%\tmpa4ba.tmp
- %TEMP%\tmpa4b9.tmp
- %TEMP%\tmpa34b.tmp
- %TEMP%\tmpa4f5.tmp
- %TEMP%\tmpa565.tmp
- %TEMP%\tmpa554.tmp
- %TEMP%\tmpa553.tmp
- %TEMP%\tmpa543.tmp
- %TEMP%\tmpa542.tmp
- %TEMP%\tmpa541.tmp
- %TEMP%\tmpa540.tmp
- %TEMP%\tmpa52f.tmp
- %TEMP%\tmpa52e.tmp
- %TEMP%\tmpa52d.tmp
- %TEMP%\tmpa51d.tmp
- %TEMP%\tmpa51c.tmp
- %TEMP%\tmpa51b.tmp
- %TEMP%\tmpa51a.tmp
- %TEMP%\tmpa509.tmp
- %TEMP%\tmpa508.tmp
- %TEMP%\tmpa507.tmp
- %TEMP%\tmpa4f6.tmp
- %TEMP%\tmpa482.tmp
- %TEMP%\tmpa481.tmp
- %TEMP%\tmpa4f3.tmp
- %TEMP%\tmpa480.tmp
- %TEMP%\tmpa46f.tmp
- %TEMP%\tmpa3cb.tmp
- %TEMP%\tmpa382.tmp
- %TEMP%\tmpa3b9.tmp
- %TEMP%\tmpa3b8.tmp
- %TEMP%\tmpa3a8.tmp
- %TEMP%\tmpa3a7.tmp
- %TEMP%\tmpa396.tmp
- %TEMP%\tmpa395.tmp
- %TEMP%\tmpa394.tmp
- %TEMP%\tmpa383.tmp
- %TEMP%\tmpa381.tmp
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-libraryloader-l1-1-0.dll
- %TEMP%\tmpa371.tmp
- %TEMP%\tmpa370.tmp
- %TEMP%\tmpa35f.tmp
- %TEMP%\tmpa35e.tmp
- %TEMP%\tmpa35d.tmp
- %TEMP%\tmpa35c.tmp
- %TEMP%\tmpa34c.tmp
- %TEMP%\tmpa3cc.tmp
- %TEMP%\tmpa3cd.tmp
- %LOCALAPPDATA%low\htyi8y5k7-shm
- %TEMP%\tmpa3de.tmp
- %TEMP%\tmpa3dd.tmp
- %TEMP%\tmpa3ba.tmp
- %TEMP%\tmpa46d.tmp
- %TEMP%\tmpa45d.tmp
- %TEMP%\tmpa45c.tmp
- %TEMP%\tmpa45b.tmp
- %TEMP%\tmpa44a.tmp
- %TEMP%\tmpa449.tmp
- %TEMP%\tmpa448.tmp
- %TEMP%\tmpa437.tmp
- %TEMP%\tmpa436.tmp
- %TEMP%\tmpa426.tmp
- %TEMP%\tmpa425.tmp
- %TEMP%\tmpa414.tmp
- %TEMP%\tmpa413.tmp
- %TEMP%\tmpa403.tmp
- %TEMP%\tmpa402.tmp
- %TEMP%\tmpa401.tmp
- %TEMP%\tmpa3f0.tmp
- %TEMP%\tmpa3ef.tmp
- %TEMP%\tmpa46e.tmp
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-interlocked-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-heap-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-handle-l1-1-0.dll
- %TEMP%\tmp6870.tmp
- %TEMP%\tmp68a6.tmp
- %TEMP%\tmp68a5.tmp
- %TEMP%\tmp6894.tmp
- %TEMP%\tmp6893.tmp
- %TEMP%\tmp6883.tmp
- %TEMP%\tmp6882.tmp
- %TEMP%\tmp6881.tmp
- %TEMP%\tmp68ba.tmp
- %TEMP%\tmp68b8.tmp
- %TEMP%\tmp68b9.tmp
- %TEMP%\tmp685e.tmp
- %TEMP%\tmp684d.tmp
- %TEMP%\tmp684c.tmp
- %TEMP%\tmp684b.tmp
- %TEMP%\tmp684a.tmp
- %TEMP%\tmp681a.tmp
- %TEMP%\tmp6819.tmp
- %TEMP%\tmp686e.tmp
- %TEMP%\tmp68ca.tmp
- %TEMP%\tmp694a.tmp
- %TEMP%\tmp6809.tmp
- %TEMP%\tmp6807.tmp
- %TEMP%\tmp693a.tmp
- %TEMP%\tmp6939.tmp
- %TEMP%\tmp6938.tmp
- %TEMP%\tmp6937.tmp
- %TEMP%\tmp6926.tmp
- %TEMP%\tmp6925.tmp
- %TEMP%\tmp6924.tmp
- %TEMP%\tmp6923.tmp
- %TEMP%\tmp6913.tmp
- %TEMP%\tmp6912.tmp
- %TEMP%\tmp6901.tmp
- %TEMP%\tmp6900.tmp
- %TEMP%\tmp68ff.tmp
- %TEMP%\tmp68ee.tmp
- %TEMP%\tmp68ed.tmp
- %TEMP%\tmp68dd.tmp
- %TEMP%\tmp68dc.tmp
- %TEMP%\tmp68cb.tmp
- %TEMP%\tmp686f.tmp
- %TEMP%\tmp6808.tmp
- %TEMP%\tmp6806.tmp
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\ih7oe4ur9pw5zj0o.zip
- %LOCALAPPDATA%low\rywtiizs2t
- %ALLUSERSPROFILE%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\3ccd5499-87a8-4b10-a215-608888dd3b55.vsch
- %ALLUSERSPROFILE%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\policy.vpol
- %LOCALAPPDATA%low\bbsqwy6yhk
- %LOCALAPPDATA%low\gxix4a2dre
- %LOCALAPPDATA%low\exuieaoeii
- %LOCALAPPDATA%low\3solbph71y
- %LOCALAPPDATA%low\x3cf3ednhm
- %LOCALAPPDATA%low\rqf69azbla
- %LOCALAPPDATA%low\1xvpfvjcrg
- %LOCALAPPDATA%\microsoft\vault\4bf4c442-9b8a-41a0-b380-dd4a704ddb28\policy.vpol
- %LOCALAPPDATA%low\fraqbc8wsa
- %TEMP%\f21e.tmp.exe
- %TEMP%\da2a.tmp.exe
- %LOCALAPPDATA%low\sqlite3.dll
- %TEMP%\b7ac.tmp.exe
- %TEMP%\a756.tmp.exe
- %APPDATA%\weiwhaw
- %APPDATA%\tdgjvhw
- %TEMP%\tmp694b.tmp
- %TEMP%\tmpa5d4.tmp
- %TEMP%\d9b.tmp.exe
- %TEMP%\2ea4.tmp.exe
- %ALLUSERSPROFILE%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\2f1a6504-0641-44cf-8bb5-3612d865f2e5.vsch
- %TEMP%\tmp67f5.tmp
- %TEMP%\tmp67f4.tmp
- %TEMP%\tmp67e3.tmp
- %TEMP%\tmp67e2.tmp
- %TEMP%\tmp67e1.tmp
- %TEMP%\tmp67d1.tmp
- %TEMP%\tmp67d0.tmp
- %TEMP%\tmp67cf.tmp
- %TEMP%\tmp67be.tmp
- %TEMP%\tmp67bd.tmp
- %TEMP%\tmp67bc.tmp
- %TEMP%\tmp67ac.tmp
- %TEMP%\tmp67ab.tmp
- %TEMP%\tmp678a.tmp
- %TEMP%\tmp675b.tmp
- %TEMP%\tmp675a.tmp
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\ar8pj3hc8rg2st.zip
- %ALLUSERSPROFILE%\s6q6t6u2q6q6t6u2q6\nlpn54tlizft.nlp
- %TEMP%\1df0.tmp.exe
- %TEMP%\tmpa576.tmp
- %TEMP%\tmp694c.tmp
- %TEMP%\tmp695f.tmp
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-synch-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-rtlsupport-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-profile-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-processthreads-l1-1-1.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-processthreads-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-processenvironment-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-namedpipe-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\nssckbi.dll
- %TEMP%\tmp68a7.tmp
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\nss3.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\msvcp140.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\mozmapi32.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\mozglue.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\mapiproxy_inuse.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\mapiproxy.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\libegl.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\lgpllibs.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\ldif60.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-string-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-synch-l1-2-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-file-l2-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\ia2marshal.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-sysinfo-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-file-l1-2-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-utility-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-time-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-string-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-stdio-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-runtime-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-process-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-private-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-multibyte-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-math-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-locale-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-heap-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-filesystem-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-environment-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-convert-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-conio-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-util-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-timezone-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\ldap60.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\mozmapi32_inuse.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\freebl3.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\breakpadinjector.dll
- %TEMP%\tmp694d.tmp
- %TEMP%\tmp6987.tmp
- %TEMP%\tmp69ae.tmp
- %TEMP%\tmp69ad.tmp
- %TEMP%\tmp69ac.tmp
- %TEMP%\tmp699c.tmp
- %TEMP%\tmp699b.tmp
- %TEMP%\tmp699a.tmp
- %TEMP%\tmp6999.tmp
- %TEMP%\tmp6988.tmp
- %TEMP%\tmp6986.tmp
- %TEMP%\tmp69b0.tmp
- %TEMP%\tmp6976.tmp
- %TEMP%\tmp6975.tmp
- %TEMP%\tmp6974.tmp
- %TEMP%\tmp6973.tmp
- %TEMP%\tmp6972.tmp
- %TEMP%\tmp6961.tmp
- %TEMP%\tmp6960.tmp
- %TEMP%\tmp69c1.tmp
- %TEMP%\tmp695e.tmp
- %TEMP%\tmp69c3.tmp
- %TEMP%\tmp69d5.tmp
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\accessiblemarshal.dll
- %TEMP%\tmp69af.tmp
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\accessiblehandler.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\vcruntime140.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\ucrtbase.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\softokn3.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\qipcap.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\prldap60.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\nssdbm3.dll
- %TEMP%\tmp6a1d.tmp
- %TEMP%\tmp6a1c.tmp
- %TEMP%\tmp69fc.tmp
- %TEMP%\tmp69eb.tmp
- %TEMP%\tmp69ea.tmp
- %TEMP%\tmp69e9.tmp
- %TEMP%\tmp69d9.tmp
- %TEMP%\tmp69d8.tmp
- %TEMP%\tmp69d7.tmp
- %TEMP%\tmp69d6.tmp
- %TEMP%\tmp69c4.tmp
- %TEMP%\tmpa5e5.tmp
- %APPDATA%\tdgjvhw
- %APPDATA%\weiwhaw
- %LOCALAPPDATA%low\fraqbc8wsa
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-timezone-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-util-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-conio-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-convert-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-environment-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-filesystem-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-heap-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-locale-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-math-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-multibyte-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-private-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-process-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\accessiblemarshal.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-runtime-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-string-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-time-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-utility-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\breakpadinjector.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\freebl3.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\ia2marshal.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\ldap60.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\ldif60.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\lgpllibs.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\libegl.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\mapiproxy.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\mapiproxy_inuse.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-synch-l1-2-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-sysinfo-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-synch-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-string-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-rtlsupport-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\mozmapi32_inuse.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\msvcp140.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\nss3.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\nssckbi.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\nssdbm3.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\prldap60.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\qipcap.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\softokn3.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\ucrtbase.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\vcruntime140.dll
- %LOCALAPPDATA%low\sqlite3.dll
- %LOCALAPPDATA%low\of5sshnjx8e.zip
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\mozglue.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-crt-stdio-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\accessiblehandler.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-file-l2-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-handle-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-heap-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-interlocked-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-libraryloader-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-localization-l1-2-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-memory-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-namedpipe-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-processenvironment-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-processthreads-l1-1-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-processthreads-l1-1-1.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-profile-l1-1-0.dll
- %LOCALAPPDATA%low\bbkqblnhz
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\api-ms-win-core-file-l1-2-0.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\mozmapi32.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\mozmapi32_inuse.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\msvcp140.dll
- %TEMP%\tmpa45c.tmp
- %TEMP%\tmpa46d.tmp
- %TEMP%\tmpa46f.tmp
- %TEMP%\tmpa481.tmp
- %TEMP%\tmpa483.tmp
- %TEMP%\tmpa494.tmp
- %TEMP%\tmpa4a6.tmp
- %TEMP%\tmpa4a8.tmp
- %TEMP%\tmpa4ba.tmp
- %TEMP%\tmpa4bc.tmp
- %TEMP%\tmpa4cd.tmp
- %TEMP%\tmpa4cf.tmp
- %TEMP%\tmpa4e1.tmp
- %TEMP%\tmpa4f4.tmp
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\mozmapi32.dll
- %TEMP%\tmpa4f6.tmp
- %TEMP%\tmpa508.tmp
- %TEMP%\tmpa51a.tmp
- %TEMP%\tmpa51c.tmp
- %TEMP%\tmpa52d.tmp
- %TEMP%\tmpa52f.tmp
- %TEMP%\tmpa541.tmp
- %TEMP%\tmpa543.tmp
- %TEMP%\tmpa554.tmp
- %TEMP%\tmpa565.tmp
- %TEMP%\tmpa576.tmp
- %TEMP%\tmpa5d4.tmp
- %TEMP%\tmpa5e5.tmp
- %TEMP%\tmpa44a.tmp
- %TEMP%\tmpa35d.tmp
- %TEMP%\tmpa448.tmp
- %TEMP%\tmpa34c.tmp
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\nss3.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\nssckbi.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\nssdbm3.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\prldap60.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\qipcap.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\softokn3.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\ucrtbase.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\vcruntime140.dll
- %TEMP%\tmpa303.tmp
- %TEMP%\tmpa324.tmp
- %TEMP%\tmpa326.tmp
- %TEMP%\tmpa338.tmp
- %TEMP%\tmpa34a.tmp
- %TEMP%\1df0.tmp.exe
- %TEMP%\tmpa425.tmp
- %TEMP%\tmpa35f.tmp
- %TEMP%\tmpa371.tmp
- %TEMP%\tmpa382.tmp
- %TEMP%\tmpa394.tmp
- %TEMP%\tmpa396.tmp
- %TEMP%\tmpa3a8.tmp
- %TEMP%\tmpa3b9.tmp
- %TEMP%\tmpa3cb.tmp
- %TEMP%\tmpa3cd.tmp
- %TEMP%\tmpa3de.tmp
- %TEMP%\tmpa3f0.tmp
- %TEMP%\tmpa402.tmp
- %TEMP%\tmpa413.tmp
- %TEMP%\tmpa436.tmp
- %TEMP%\tmpa4e3.tmp
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\mozglue.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-time-l1-1-0.dll
- %TEMP%\tmp6901.tmp
- %TEMP%\tmp6913.tmp
- %TEMP%\tmp6924.tmp
- %TEMP%\tmp6926.tmp
- %TEMP%\tmp6938.tmp
- %TEMP%\tmp693a.tmp
- %TEMP%\tmp694b.tmp
- %TEMP%\tmp694d.tmp
- %TEMP%\tmp695f.tmp
- %TEMP%\tmp6961.tmp
- %TEMP%\tmp6973.tmp
- %TEMP%\tmp6975.tmp
- %TEMP%\tmp67e1.tmp
- %TEMP%\tmp6986.tmp
- %TEMP%\tmp699a.tmp
- %TEMP%\tmp699c.tmp
- %TEMP%\tmp69ad.tmp
- %TEMP%\tmp69af.tmp
- %TEMP%\tmp69c1.tmp
- %TEMP%\tmp69c3.tmp
- %TEMP%\tmp69d5.tmp
- %TEMP%\tmp69d7.tmp
- %TEMP%\tmp69d9.tmp
- %TEMP%\tmp69ea.tmp
- %TEMP%\tmp69eb.tmp
- %TEMP%\tmp69fc.tmp
- %TEMP%\tmp68ed.tmp
- %TEMP%\tmp68ff.tmp
- %TEMP%\tmp68dc.tmp
- %TEMP%\tmp68ca.tmp
- %TEMP%\tmp68b9.tmp
- %LOCALAPPDATA%low\rywtiizs2t
- %LOCALAPPDATA%low\rqf69azbla
- %LOCALAPPDATA%low\x3cf3ednhm
- %LOCALAPPDATA%low\3solbph71y
- %LOCALAPPDATA%low\exuieaoeii
- %LOCALAPPDATA%low\gxix4a2dre
- %LOCALAPPDATA%low\bbsqwy6yhk
- %ALLUSERSPROFILE%\s6q6t6u2q6q6t6u2q6\nlpn54tlizft.nlp
- %TEMP%\tmp675b.tmp
- %TEMP%\tmp67ab.tmp
- %TEMP%\tmp67bc.tmp
- %TEMP%\tmp67be.tmp
- %TEMP%\tmp6a1c.tmp
- %TEMP%\tmp6988.tmp
- %TEMP%\tmp67d0.tmp
- %TEMP%\tmp67f5.tmp
- %TEMP%\tmp6807.tmp
- %TEMP%\tmp6809.tmp
- %TEMP%\tmp681a.tmp
- %TEMP%\tmp684b.tmp
- %TEMP%\tmp684d.tmp
- %TEMP%\tmp686e.tmp
- %TEMP%\tmp6870.tmp
- %TEMP%\tmp6882.tmp
- %TEMP%\tmp6893.tmp
- %TEMP%\tmp68a5.tmp
- %TEMP%\tmp68a7.tmp
- %LOCALAPPDATA%low\1xvpfvjcrg
- %TEMP%\tmp67e3.tmp
- %TEMP%\tmp6a1d.tmp
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\ih7oe4ur9pw5zj0o.zip
- %LOCALAPPDATA%low\fraqbc8ws-shm
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-conio-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-convert-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-environment-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-filesystem-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-heap-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-locale-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-math-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-multibyte-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-private-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-process-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-runtime-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-stdio-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-string-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-crt-utility-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\mapiproxy_inuse.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\breakpadinjector.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\freebl3.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\ia2marshal.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\ldap60.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\ldif60.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\lgpllibs.dll
- %LOCALAPPDATA%low\ee8sf0yg2eq6ft7\ar8pj3hc8rg2st.zip
- %LOCALAPPDATA%low\ikl3xz54l-shm
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\libegl.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\mapiproxy.dll
- %LOCALAPPDATA%low\ikl3xz54l
- %LOCALAPPDATA%low\4fjugx4yz-shm
- %LOCALAPPDATA%low\4fjugx4yz
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-util-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-handle-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-timezone-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-file-l2-1-0.dll
- %LOCALAPPDATA%low\fraqbc8ws
- %LOCALAPPDATA%low\j8lnsbhis-shm
- %LOCALAPPDATA%low\j8lnsbhis
- %LOCALAPPDATA%low\htyi8y5k7-shm
- %LOCALAPPDATA%low\htyi8y5k7
- %LOCALAPPDATA%low\vmluvghmh-shm
- %LOCALAPPDATA%low\vmluvghmh
- %LOCALAPPDATA%low\cclu1a5hpwb.zip
- %LOCALAPPDATA%low\firefox_urls.txt
- %LOCALAPPDATA%low\machineinfo.txt
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\accessiblehandler.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\accessiblemarshal.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-file-l1-2-0.dll
- %LOCALAPPDATA%low\bbkqblnhz-shm
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-synch-l1-2-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-heap-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-interlocked-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-libraryloader-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-localization-l1-2-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-memory-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-namedpipe-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-processenvironment-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-processthreads-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-processthreads-l1-1-1.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-profile-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-rtlsupport-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-string-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-synch-l1-1-0.dll
- %LOCALAPPDATA%low\pf2qc1gg7yh8hi1o\api-ms-win-core-sysinfo-l1-1-0.dll
- %TEMP%\4dd3.tmp
- %ALLUSERSPROFILE%\s6q6t6u2q6q6t6u2q6\nlpn54tlizft.nlp
- %LOCALAPPDATA%low\fraqbc8wsa
- %LOCALAPPDATA%low\1xvpfvjcrg
- %LOCALAPPDATA%low\rywtiizs2t
- %LOCALAPPDATA%low\rqf69azbla
- %LOCALAPPDATA%low\x3cf3ednhm
- %LOCALAPPDATA%low\3solbph71y
- %LOCALAPPDATA%low\exuieaoeii
- %LOCALAPPDATA%low\gxix4a2dre
- %LOCALAPPDATA%low\bbsqwy6yhk
- %LOCALAPPDATA%low\fraqbc8ws
- %LOCALAPPDATA%low\fraqbc8ws-shm
- %LOCALAPPDATA%low\firefox_urls.txt
- %LOCALAPPDATA%low\machineinfo.txt
- 'pa#####gmercedes.top':443
- '1p##.oradza.ru':443
- '45.#4.13.58':3214
- 'te##te.in':443
- 'zc#.##denther.ru':443
- '80.##.245.80':80
- '18#.#12.131.241':80
- 'ma###ash22.com':80
- 'ma###ash22.com':443
- 'ap#.ip.sb':443
- 'wh###.iana.org':43
- 'WH###.RIPE.NET':43
- http://10############6831-service1002012510022020.space/raccon.exe
- http://10############6831-service1002012510022020.space/reestr.exe
- http://10###########lder1002002131-service1002.space/
- http://10##########older33417-01242510022020.space/
- http://10############6831-service1002012510022020.space/
- http://80.##.245.80/log/
- http://45.##.13.58:3214/ via 45.#4.13.58
- http://rh##mnes.cf/
- DNS ASK 10###########lder1002002131-service1002.space
- DNS ASK wh###.iana.org
- DNS ASK ap#.ip.sb
- DNS ASK ma###ash22.com
- DNS ASK zc#.##denther.ru
- DNS ASK 1p##.oradza.ru
- DNS ASK pa#####gmercedes.top
- DNS ASK WH###.RIPE.NET
- DNS ASK te##te.in
- DNS ASK 10############5831-service1002012510022020.space
- DNS ASK 10##########older33417-01242510022020.space
- DNS ASK 10###########lder1002002531-service1002.space
- DNS ASK 10###########lder1002002431-service1002.space
- DNS ASK 10##########older3100231-service1002.space
- DNS ASK 10###########lder1002002231-service1002.space
- DNS ASK 10############6831-service1002012510022020.space
- DNS ASK rh##mnes.cf
- '%TEMP%\a756.tmp.exe'
- '%TEMP%\b7ac.tmp.exe'
- '%TEMP%\da2a.tmp.exe'
- '%TEMP%\f21e.tmp.exe'
- '%TEMP%\d9b.tmp.exe'
- '%TEMP%\1df0.tmp.exe'
- '%TEMP%\2ea4.tmp.exe'
- '%APPDATA%\tdgjvhw'
- '%APPDATA%\tdgjvhw' ' (со скрытым окном)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\addinprocess32.exe'
- '%WINDIR%\syswow64\cmd.exe' /C timeout /T 10 /NOBREAK > Nul & Del /f /q "%TEMP%\1DF0.tmp.exe"
- '%WINDIR%\syswow64\timeout.exe' /T 10 /NOBREAK
- '<SYSTEM32>\taskeng.exe' {051749EC-18DA-4F9A-89AE-F7C480D0B33E} S-1-5-21-1960123792-2022915161-3775307078-1001:kuftoqppn\user:Interactive:[1]