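Техническая информация
Примечание: символы «#» в сетевых адресах ниже, по-видимому, заменяют скрытые символы, поэтому такие строки не годятся для точного сопоставления в блок-листах и правилах обнаружения.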
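Файловые объекты (первый путь ведёт в каталог автозагрузки пользователя, откуда файл запускается при каждом входе в систему):
- %APPDATA%\microsoft\windows\start menu\programs\startup\windowskerneldrivers.exe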
- %APPDATA%\screenshot.bmp
- %TEMP%\mci5437.tmp
Сетевая активность (обращения по HTTP, порт 80):
- 'ap#.#pify.org':80
- 'si#########sing-103-119-240-166.loca.lt':80
- http://ap#.#pify.org/
- http://si#########sing-103-119-240-166.loca.lt/a?ui###################################################
- DNS ASK ap#.#pify.org
- DNS ASK si#########sing-103-119-240-166.loca.lt
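Командные строки процессов (штатные утилиты Windows для сбора сведений о системе, учётных записях и сети; серия таких команд через cmd.exe /c может служить признаком для правил обнаружения):
- '%WINDIR%\syswow64\cmd.exe' /c whoami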
- '%WINDIR%\syswow64\cmd.exe' /c systeminfo
- '%WINDIR%\syswow64\net1.exe' localgroup
- '%WINDIR%\syswow64\net.exe' localgroup
- '%WINDIR%\syswow64\cmd.exe' /c net localgroup
- '%WINDIR%\syswow64\netstat.exe' -nao
- '%WINDIR%\syswow64\cmd.exe' /c netstat -nao
- '%WINDIR%\syswow64\route.exe' print
- '%WINDIR%\syswow64\cmd.exe' /c route print
- '%WINDIR%\syswow64\net1.exe' share
- '%WINDIR%\syswow64\systeminfo.exe'
- '%WINDIR%\syswow64\net.exe' share
- '%WINDIR%\syswow64\net.exe' view /all
- '%WINDIR%\syswow64\cmd.exe' /c net view /all
- '%WINDIR%\syswow64\ipconfig.exe' /all
- '%WINDIR%\syswow64\cmd.exe' /c ipconfig /all
- '%WINDIR%\syswow64\arp.exe' -a
- '%WINDIR%\syswow64\cmd.exe' /c arp -a
- '%WINDIR%\syswow64\whoami.exe' /all
- '%WINDIR%\syswow64\cmd.exe' /c whoami /all
- '%WINDIR%\syswow64\whoami.exe'
- '%WINDIR%\syswow64\cmd.exe' /c net share
- '%WINDIR%\syswow64\cmd.exe' /c ver