Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SelfRunDemo' = '"C:\Users\Public\Downloads\6C4708121055\ApplicPywizable.exe"'
- C:\users\public\downloads\a2a.exe
- C:\users\public\downloads\1210557086c4.tmp
- %WINDIR%\temp\fwtsqmfile01.sqm
- C:\users\public\7086c4121055.exe
- C:\users\public\downloads\7081210556c4.lnk
- C:\users\public\downloads\6c4708121055\applicpywizable.exe
- C:\users\public\downloads\6c4708121055\python21.dll
- C:\users\public\downloads\6c4708121055\templatex.txt
- 'C:\users\public\7086c4121055.exe' -o -d 6C4708121055 1210557086C4.TMP
- 'C:\users\public\downloads\6c4708121055\applicpywizable.exe'
- 'C:\users\public\7086c4121055.exe' -o -d 6C4708121055 1210557086C4.TMP' (with hidden window)