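Техническая информация
(Заголовки разделов в этом фрагменте, по-видимому, утрачены: ниже идут запускаемые процессы, затем пути к файлам, затем сетевые обращения. Повторяющиеся записи, вероятно, относятся к разным разделам исходного отчёта.)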
- 'C:\WinSafe\Rwin.exe'
- 'C:\WinSafe\FunshionInstall_C107941.exe'
- 'C:\WinSafe\Rwin.exe' (загружен из сети Интернет)
- 'C:\WinSafe\FunshionInstall_C107941.exe' (загружен из сети Интернет)
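- '<SYSTEM32>\wbem\WMIADAP.EXE' /F /T /R (штатный компонент Windows, служебная утилита WMI; его запуск, по-видимому, является побочной системной активностью, а не признаком заражения)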
- C:\ProgramData\Microsoft\RAC\Temp\sql279D.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql277C.tmp
- <SYSTEM32>\LogFiles\Scm\9d774a32-03f6-4092-9d56-19bb0dc4f0e9
- C:\WinSafe\Rwin.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\FunshionInstall[1].exe
- C:\WinSafe\FunshionInstall_C107941.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\atrw[1].bmp
- %WINDIR%\inf\WmiApRpl\WmiApRpl.h
- %WINDIR%\inf\WmiApRpl\0019\WmiApRpl.ini
- <SYSTEM32>\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
- <SYSTEM32>\PerfStringBackup.TMP
- C:\ProgramData\Microsoft\RAC\Temp\sql277C.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql279D.tmp
- %WINDIR%\inf\WmiApRpl\0009\WmiApRpl.ini
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
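- 'd.###6mu.com':80 (символы «#» в именах доменов здесь и ниже, по-видимому, — маскировка, внесённая источником; для правил блокировки и поиска по журналам нужны полные имена)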
- 'vi#.#aqio.com':9999
- d.###6mu.com/atrw.bmp
- d.###6mu.com/FunshionInstall.exe
- DNS ASK d.###6mu.com
- DNS ASK dn#.##ftncsi.com
- DNS ASK vi#.#aqio.com