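Техническая информация
(Примечание: подзаголовки разделов в этом списке не сохранились, поэтому повторяющиеся пути, вероятно, относятся к разным действиям с одним и тем же файлом. Символы «##» в IP-адресах и доменах, по-видимому, скрывают часть знаков; такие индикаторы не годятся для точного сопоставления без сверки с первоисточником.)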
- '%TEMP%\mpgbadkf.exe:del'
- '%TEMP%\mpgbadkf.exe'
- '%TEMP%\hojilcnm.exe'
- '<SYSTEM32>\svchost.exe' -k netsvcs
- <SYSTEM32>\svchost.exe
- %WINDIR%\Explorer.EXE
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\063e51432231ab0de6fb9395f194e1a8_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %APPDATA%\Microsoft\SystemCertificates\My\Certificates\93B6F81CD1D766A91E289E1D27FB67ABAB572D7F
- %TEMP%\mpgbadkf.exe:del
- %TEMP%\swtixge\syrtfiq\wow.dll
- %TEMP%\mpgbadkf.exe
- %TEMP%\hojilcnm.exe
- C:\System Volume Information\EFS0.LOG
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\85d3d4b7-528b-47d2-b7db-471787d68cf9
- %TEMP%\swtixge\syrtfiq\wow.dll
- %TEMP%\mpgbadkf.exe
- C:\System Volume Information\EFS0.LOG
- '74.##5.232.51':80
- 'dr##dor.com':80
- '85.##3.166.69':28346
- dr##dor.com/19ad89bc3e3c9d7ef68b89523eff1987/2.6/450/23ef5514-3059-436f-a4a7-4cefaab20eb1/5.1.2600_2.0_32
- DNS ASK nr##dok.com
- DNS ASK google.com
- DNS ASK dr##dor.com
- ClassName: 'RFEDKGFLJG' WindowName: 'df;fgtlsrdul'