Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'uia' = '%APPDATA%\Microsoft\Vault\uia.exe'
- uia.exe
- %TEMP%\autcaec.tmp
- %APPDATA%\exfomqkhqrhpnjqedhfejjhbi53533.png
- %APPDATA%\microsoft\vault\uia.exe
- %TEMP%\aut21e1.tmp
- %APPDATA%\sqlite3\sqlite3.dll
- %TEMP%\autcaec.tmp
- %TEMP%\aut21e1.tmp
- 'cl#####.enigmasolutions.xyz':54573
- 'cl#####.enigmasolutions.xyz':54573
- DNS ASK cl#####.enigmasolutions.xyz
- '%APPDATA%\microsoft\vault\uia.exe'