Техническая информация
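- '%TEMP%\3E6.tmp\loger.exe' /stext password.txt (ключ /stext, по-видимому, сохраняет вывод утилиты в текстовый файл; тот же password.txt в %TEMP%\3E6.tmp встречается ниже в списке файлов)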
- '%TEMP%\3E6.tmp\report.exe'
- '%TEMP%\FAC2.tmp\1.exe'
- '%TEMP%\FAC2.tmp\Bupass.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\3E6.tmp\1.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\FAC2.tmp\Сценарий Windows.cmd" "
- C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\User\be1c56d7-bc75-49eb-9d76-6b664571f712
- %TEMP%\PSE20\d8801670fcdcdbe911f65bf0f0d92ce0\php.ini
- C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch
- %TEMP%\3E6.tmp\password.txt
- <LS_APPDATA>\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol
- C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch
- %TEMP%\3E6.tmp\report.exe
- %TEMP%\FAC2.tmp\Bupass.exe
- %TEMP%\FAC2.tmp\1.exe
- %TEMP%\FAC2.tmp\Сценарий Windows.cmd
- %TEMP%\FAC2.tmp\php5ts.dll
- %TEMP%\3E6.tmp\loger.exe
- %TEMP%\3E6.tmp\1.bat
- %TEMP%\FAC2.tmp\tray.ico
- %TEMP%\3E6.tmp\password.txt
- %TEMP%\3E6.tmp\1.bat
- %TEMP%\FAC2.tmp\Сценарий Windows.cmd
- '93.##8.134.11':25 (порт 25 — стандартный порт SMTP)
- DNS ASK dn#.##ftncsi.com
- DNS ASK sm##.yandex.ru
- ClassName: 'OleMainThreadWndClass' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'