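Техническая информация
Ниже перечислены пути файлов, сетевые адреса и запускаемые процессы. Файлы lsass.exe, audiodg.exe и dwm.exe носят имена системных процессов Windows, но расположены вне каталога <SYSTEM32>, поэтому при обнаружении важен полный путь, а не только имя файла.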
- C:\msocache\all users\lsass.exe
- C:\msocache\all users\6203df4a6bafc7
- C:\recovery\fc7d0508-3f8d-11ed-bf82-c9aa0b5639b5\iexplore.exe
- C:\recovery\fc7d0508-3f8d-11ed-bf82-c9aa0b5639b5\9db6e019d4f04e
- %ProgramFiles(x86)%\microsoft.net\primary interop assemblies\audiodg.exe
- %ProgramFiles(x86)%\microsoft.net\primary interop assemblies\42af1c969fbb7b
- %ProgramFiles%\java\jre1.8.0_45\bin\dtplugin\dwm.exe
- %ProgramFiles%\java\jre1.8.0_45\bin\dtplugin\6cb0b6c459d5d3
- C:\recovery\fc7d0508-3f8d-11ed-bf82-c9aa0b5639b5\idle.exe
- C:\recovery\fc7d0508-3f8d-11ed-bf82-c9aa0b5639b5\6ccacd8608530f
- %TEMP%\g3dbwcsg3z
- %TEMP%\amaykjsk97.bat
- nul
- %HOMEPATH%\desktop\yagxhliz.log
- %TEMP%\g3dbwcsg3z
- '21#.#59.215.196':80
- http://21#.#59.215.196/gamepacket0/temporarydownloadsTrackpipe/PythonVoiddbPublic5/UpdateupdateAuth/17/Local1Traffic/longpollProcess/Auth8/0javascript/trafficlocal/PacketProtonPython/generator6...
- 'C:\msocache\all users\lsass.exe'
- '<SYSTEM32>\cmd.exe' /C "%TEMP%\amaYkjsK97.bat" (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /C "%TEMP%\amaYkjsK97.bat"
- '<SYSTEM32>\chcp.com' 65001
- '<SYSTEM32>\ping.exe' -n 10 localhost