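Техническая информация
(Примечание: подзаголовки разделов в этом фрагменте не сохранились, поэтому тип каждого списка — процессы, файлы, сетевые обращения — приходится определять по формату записей. Символы «##» в доменных именах и IP-адресах ниже — по-видимому, намеренная маскировка части значения; такие индикаторы неполны и не подходят для точного сопоставления.)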
- '%TEMP%\jilcnmpg.exe:del'
- '%TEMP%\jilcnmpg.exe'
- '%TEMP%\adkfehoj.exe'
- '<SYSTEM32>\svchost.exe' -k netsvcs
- <SYSTEM32>\svchost.exe
- %WINDIR%\Explorer.EXE
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\021cb47a41562ce3f2a04c0f16441d78_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %APPDATA%\Microsoft\SystemCertificates\My\Certificates\0EBA7E1EC394BC948E31448AF5F5F74D4BC4C4CB
- %TEMP%\jilcnmpg.exe:del
- %TEMP%\sbaphem\swoohuj\wow.dll
- %TEMP%\jilcnmpg.exe
- %TEMP%\adkfehoj.exe
- C:\System Volume Information\EFS0.LOG
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\c2b08d5d-d643-469c-bcd0-ea842ec4d382
- %TEMP%\sbaphem\swoohuj\wow.dll
- %TEMP%\jilcnmpg.exe
- C:\System Volume Information\EFS0.LOG
- 'dr##dor.com':80
- '85.##3.166.69':28346
- dr##dor.com/19ad89bc3e3c9d7ef68b89523eff1987/2.6/440/23ef5514-3059-436f-a4a7-4cefaab20eb1/5.1.2600_2.0_32
- DNS ASK google.com
- DNS ASK dr##dor.com
- ClassName: 'tfriytreyterd' WindowName: 'treytrehgfdh'