Техническая информация
- '%TEMP%\lcnmpgba.exe:del'
- '%TEMP%\lcnmpgba.exe'
- '%TEMP%\ojilcnmp.exe'
- '<SYSTEM32>\svchost.exe' -k netsvcs
- <SYSTEM32>\svchost.exe
- %WINDIR%\Explorer.EXE
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\552d35ea442f3295d98d831444913b80_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %APPDATA%\Microsoft\SystemCertificates\My\Certificates\49F1B205C6D96CCA38D361B90579C9176939A22A
- %TEMP%\lcnmpgba.exe:del
- %TEMP%\sqdriba\sulbvgo\wow.dll
- %TEMP%\lcnmpgba.exe
- %TEMP%\ojilcnmp.exe
- C:\System Volume Information\EFS0.LOG
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\bb9ffd1f-d046-4b4a-bf14-0881aa11aa19
- %TEMP%\sqdriba\sulbvgo\wow.dll
- %TEMP%\lcnmpgba.exe
- C:\System Volume Information\EFS0.LOG
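Примечание: символы «##» в IP-адресах и доменных именах ниже, по-видимому, заменяют скрытую часть значения; в таком виде эти строки не являются полными сетевыми индикаторами.
- '74.##5.232.51':80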
- 'dr##dor.com':80
- '85.##3.166.69':28346
- dr##dor.com/19ad89bc3e3c9d7ef68b89523eff1987/2.6/440/23ef5514-3059-436f-a4a7-4cefaab20eb1/5.1.2600_2.0_32
- DNS ASK nr##dok.com
- DNS ASK google.com
- DNS ASK dr##dor.com
- ClassName: 'tfriytreyterd' WindowName: 'treytrehgfdh'