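Техническая информация
Ниже без заголовков разделов перечислены пути к файлам и заданиям планировщика, сетевые адреса и командные строки запускаемых процессов. Часть путей повторяется (%TEMP%\gentee3c\... и %TEMP%\genteert.dll); по самому списку нельзя определить, к какой операции (создание или удаление) относится каждое вхождение.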
- <SYSTEM32>\tasks\microsoft\windows\setup\plugin
- <SYSTEM32>\tasks\microsoft\windows\diagnosis\monitoring
- %TEMP%\genteert.dll
- %TEMP%\<Имя файла>-selfdel.bat
- %ALLUSERSPROFILE%\logs\report.cmd
- %ALLUSERSPROFILE%\steam\winring0x64.sys
- %ALLUSERSPROFILE%\steam\config.json
- %ALLUSERSPROFILE%\steam\steampack.exe
- %ALLUSERSPROFILE%\task\service.xml
- %ALLUSERSPROFILE%\task\restore.xml
- %ALLUSERSPROFILE%\task\plugin.xml
- %TEMP%\deldll.bat
- %ALLUSERSPROFILE%\task\monitoring.xml
- %ALLUSERSPROFILE%\steam\steampack.cab
- %ALLUSERSPROFILE%\task\task.cab
- %TEMP%\gentee3c\3default - 1.bmp
- %TEMP%\gentee3c\setup_temp.gea
- %TEMP%\gentee3c\cab2g.dll
- %TEMP%\gentee3c\ssleay32.dll
- %TEMP%\gentee3c\libeay32.dll
- %TEMP%\gentee3c\guig.dll
- %ALLUSERSPROFILE%\logs\report.cab
- nul
- %TEMP%\gentee3c\3default - 1.bmp
- %TEMP%\gentee3c\cab2g.dll
- %TEMP%\gentee3c\guig.dll
- %TEMP%\gentee3c\libeay32.dll
- %TEMP%\gentee3c\setup_temp.gea
- %TEMP%\gentee3c\ssleay32.dll
- %TEMP%\genteert.dll
- 'wi#####-server.do.am':443
- 'wi#####-server.do.am':443
- DNS ASK wi#####-server.do.am
- '%WINDIR%\syswow64\schtasks.exe' /tn Microsoft\Windows\Setup\Plugin /create /xml Plugin.xml
- '%WINDIR%\syswow64\schtasks.exe' /tn Microsoft\Windows\Diagnosis\Monitoring /create /xml Monitoring.xml
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\<Имя файла>-selfdel.bat" " (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\deldll.bat" " (со скрытым окном)
- '%WINDIR%\syswow64\ping.exe' -n 2 -w 1000 127.0.0.1