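Техническая информация
Примечание: подзаголовки разделов в этой копии не сохранились, поэтому один и тот же путь может встречаться несколько раз, по-видимому, в разных категориях действий (запуск, создание, удаление файлов). Символы «##» в адресах и доменных именах — маскировка части значения; такие записи нельзя использовать как точные индикаторы, пока полное значение не сверено с первоисточником. SID пользователя и GUID в путях, по-видимому, относятся к машине, на которой проводился анализ, и на других системах будут иными.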
- '%TEMP%\gbadkfeh.exe:del'
- '%TEMP%\gbadkfeh.exe'
- '%TEMP%\dkfehoji.exe'
- '<SYSTEM32>\svchost.exe' -k netsvcs
- <SYSTEM32>\svchost.exe
- %WINDIR%\Explorer.EXE
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\58bf2b3a1b8d70f1ed6b4f0d15c7075c_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %APPDATA%\Microsoft\SystemCertificates\My\Certificates\A7D0A935D07ADCDBC8B8240EEF0F0F5EB8FD5B12
- %TEMP%\gbadkfeh.exe:del
- %TEMP%\siwtixr\scwxbdi\wow.dll
- %TEMP%\gbadkfeh.exe
- %TEMP%\dkfehoji.exe
- C:\System Volume Information\EFS0.LOG
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\a0373159-9dc1-46e1-b343-e527cd7e785b
- %TEMP%\siwtixr\scwxbdi\wow.dll
- %TEMP%\gbadkfeh.exe
- C:\System Volume Information\EFS0.LOG
- '74.##5.232.51':80
- 'dr##dor.com':80
- '85.##3.166.69':28346
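- dr##dor.com/19ad89bc3e3c9d7ef68b89523eff1987/2.6/440/23ef5514-3059-436f-a4a7-4cefaab20eb1/5.1.2600_2.0_32
  (GUID в пути запроса совпадает с суффиксом имени файла в %APPDATA%\Microsoft\Crypto\RSA выше, а 5.1.2600 соответствует номеру сборки Windows XP; по-видимому, эти части запроса зависят от конкретной машины, поэтому при поиске в журналах прокси стоит сопоставлять структуру пути, а не строку целиком)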
- DNS ASK nr##dok.com
- DNS ASK google.com
- DNS ASK dr##dor.com
- ClassName: 'hytruyjyrtutrhdgfv' WindowName: 'freptorgjkfdgk'