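Техническая информация (заголовки подразделов в этом фрагменте, по-видимому, утрачены: ниже идут пути к файлам, сетевые адреса с портами и команды запуска процессов; октеты IP-адресов частично скрыты символами #)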
- C:\users\public\downloads\lytsts.exe
- %ALLUSERSPROFILE%\1.txt
- %ALLUSERSPROFILE%\statback\windowstask.exe
- %ALLUSERSPROFILE%\statback\duilib_u.dll
- %ALLUSERSPROFILE%\statback\sqlite3.dll
- %ALLUSERSPROFILE%\statback\windows.exe
- %ALLUSERSPROFILE%\statback\1.bin
- %LOCALAPPDATA%\{a2b71377-f5f1-4dfa-9091-c0cb2d0eaba6}\windowstask.lnk
- %TEMP%\{c5a050ed-7c9e-4eaa-8cd5-e72426a7d47d}.exe
- %TEMP%\{f7c1ca70-4816-423a-816a-9aa3b178a9ed}
- %ALLUSERSPROFILE%\quickscreenshot\20230929\20230929192503.jpg
- %TEMP%\hi-013{04d33585-1072-435f-9334-ab29070f6dff}\{08011a93-f924-46db-ad7c-4e10030050b5}.lnk
- %TEMP%\regworkshop.ini
- %TEMP%\hi-013{04d33585-1072-435f-9334-ab29070f6dff}\{08011a93-f924-46db-ad7c-4e10030050b5}.lnk
- %TEMP%\{c5a050ed-7c9e-4eaa-8cd5-e72426a7d47d}.exe
- %TEMP%\{f7c1ca70-4816-423a-816a-9aa3b178a9ed}
- '38.##.110.151':56321
- '38.##.110.25':56321
- '8.###.103.47':3927
- http://38.##.110.151:56321/1.txt via 38.##.110.151
- http://38.##.110.25:56321/32ewd32er2dw.exe via 38.##.110.25
- '8.###.103.47':3927
- 'C:\users\public\downloads\lytsts.exe'
- '%ALLUSERSPROFILE%\statback\windows.exe'
- '%TEMP%\{c5a050ed-7c9e-4eaa-8cd5-e72426a7d47d}.exe' /s "%TEMP%\\{F7C1CA70-4816-423a-816A-9AA3B178A9ED}"
- '%ALLUSERSPROFILE%\statback\windows.exe' (со скрытым окном)