Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '%WinDir%\Win32.exe'
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\taskkill.exe' /f /im explorer.exe > nul
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\background_gradient[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\info_48[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\bullet[1]
- %WINDIR%\Temp\MPTelemetrySubmit\watson_manifest.txt
- %WINDIR%\Temp\MPTelemetrySubmit\client_manifest.txt
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\navcancl[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\alex_mobik[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\ErrorPageTemplate[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOXZEUJX\httpErrorPagesScripts[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\errorPageStrings[1]
- 'vk.com':80
- 'localhost':61008
- vk.com/alex_mobik
- DNS ASK vk.com
- '22#.0.0.252':5355