Техническая информация
- %WINDIR%\tasks\instantsavings.job
- <SYSTEM32>\tasks\instantsavings
- '%TEMP%\esd-decrypter-wimlib-5_0.7z.exe-1627872834031.exe'
- %TEMP%\esd-decrypter-wimlib-5_0.7z.exe-1627872834031.exe
- %ALLUSERSPROFILE%\{525c2d13-5f15-b672-525c-c2d135f1b44d}\esd-decrypter-wimlib-5_0.7z.exe-1627872834031.exe
- %ALLUSERSPROFILE%\{525c2d13-5f15-b672-525c-c2d135f1b44d}\esd-decrypter-wimlib-5_0.7z.exe-1627872834031.dat
- %TEMP%\esd-decrypter-wimlib-5_0.7z.exe-1627872834031.exe
- 'pa###tmodel.biz':80
- 'ce####-ring.link':80
- 'gr###model.biz':80
- DNS ASK pa###tmodel.biz
- DNS ASK ce####-ring.link
- DNS ASK gr###model.biz
- '%TEMP%\esd-decrypter-wimlib-5_0.7z.exe-1627872834031.exe' ' (со скрытым окном)