Техническая информация
- '%APPDATA%\Roaming\Microsoft\Windows\hknswc.exe'
- '%APPDATA%\Roaming\Microsoft\Windows\AppMgnt.exe'
- %APPDATA%\Roaming\Microsoft\Protect\S-1-5-21-2832440558-3064306045-1455513625-1000\47490e3a-5644-464a-bd10-c099385ef29a
- \Device\Mup\BVNSEUHJ*\MAILSLOT\NET\NETLOGON
- <LS_APPDATA>\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol
- C:\ProgramData\BVNSEUHJ_5_2_13_23_1.jpg
- C:\ProgramData\Browsers.txt
- C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch
- %APPDATA%\Roaming\Microsoft\Windows\AppMgnt.exe
- %APPDATA%\Roaming\Microsoft\Windows\hknswc.exe
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\User\d9852160-793c-4e53-8ef6-c4613a8dd5be
- C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch
- C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol
- C:\ProgramData\BVNSEUHJ_5_2_13_23_1.jpg
- %APPDATA%\Roaming\Microsoft\Windows\hknswc.exe
- DNS ASK dn#.##ftncsi.com
- DNS ASK www.dw##ade.biz
- ClassName: 'Shell_TrayWnd' WindowName: ''