Technical information
- <SYSTEM32>\tasks\thunderlive
- <SYSTEM32>\tasks\thunderliveupdate
- %ALLUSERSPROFILE%\setting.ini
- %ALLUSERSPROFILE%\1.txt
- %ALLUSERSPROFILE%\thunder\liveupdate.exe
- %ALLUSERSPROFILE%\thunder\liveupdate.dat
- %ALLUSERSPROFILE%\sqlversion.dll
- %TEMP%\_ir_tu2_temp_0\_tuprojdt.dat
- 'im######.cloudservicesdevc.tk':80
- http://im######.cloudservicesdevc.tk/picturess/2023/207.194.txt
- http://im######.cloudservicesdevc.tk/picturess/2023/history.txt
- http://im######.cloudservicesdevc.tk/picturess/2023/LiveUpdate.exe
- http://im######.cloudservicesdevc.tk/picturess/2023/LiveUpdate.dat
- http://im######.cloudservicesdevc.tk/picturess/2023/SqlVersion.dll
- DNS ASK im######.cloudservicesdevc.tk
- ClassName: 'ConsoleWindowClass' WindowName: ''
- '%ALLUSERSPROFILE%\thunder\liveupdate.exe'
- '%ALLUSERSPROFILE%\thunder\liveupdate.exe' ' (with a hidden window)
- '<SYSTEM32>\taskeng.exe' {A13315B3-6B38-4D06-8C66-CDF330418FC7} S-1-5-21-1960123792-2022915161-3775307078-1001:daflybcod\user:Interactive:[1]