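Техническая информация
(Заголовки разделов в этой выдержке не сохранились. Судя по виду записей, ниже подряд идут запускаемые процессы с аргументами командной строки, затем пути к файлам, затем сетевая активность; по этому тексту нельзя определить, какие из файлов создаются, а какие удаляются. Символы «##» в имени домена, по-видимому, скрывают часть адреса.)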
- '%TEMP%\tmp.exe'
- '%TEMP%\ArabPorn.exe'
- '%TEMP%\ArabPorn.sfx.exe' -palaa1980 -d<LS_APPDATA>\Temp
- '%TEMP%\tmp.exe' (загружен из сети Интернет)
- '<SYSTEM32>\wsqmcons.exe'
- '<SYSTEM32>\schtasks.exe' /delete /f /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\hack.bat" "
- '<SYSTEM32>\wbem\WMIADAP.EXE' /F /T /R
- C:\ProgramData\Microsoft\RAC\Temp\sql279D.tmp
- %TEMP%\tmp.exe
- <SYSTEM32>\LogFiles\Scm\aede0dba-f6fd-4fa0-988e-4a901f0374d4
- C:\ProgramData\Microsoft\RAC\Temp\sql277C.tmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\ArabPorn[1].exe
- %TEMP%\ArabPorn.sfx.exe
- %TEMP%\hack.bat
- %TEMP%\ArabPorn.exe
- <SYSTEM32>\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
- C:\ProgramData\Microsoft\RAC\Temp\sql277C.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql279D.tmp
- 'rg##st.net':80
- 'localhost':52887
- rg##st.net/download/45007394/53cac4df1ab72cba174e002e0fa517cbc71d017d/ArabPorn.exe
- DNS ASK rg##st.net