Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Word Engine Updater' = '%APPDATA%\Roaming\wordengine\wordengine.scr'
- '%TEMP%\svchost.exe' /stext C:\ProgramData\Mails.txt
- '%TEMP%\svchost.exe' /stext C:\ProgramData\Browsers.txt
- '%APPDATA%\Roaming\wordengine\wordengine.scr' /S
- '%TEMP%\svchost.exe' /S
- \Device\Mup\BVNSEUHJ*\MAILSLOT\NET\NETLOGON
- C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch
- %APPDATA%\Roaming\Microsoft\Protect\S-1-5-21-2832440558-3064306045-1455513625-1000\aabd933a-fb2e-4143-8916-319000b6285b
- C:\ProgramData\Browsers.txt
- <LS_APPDATA>\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol
- %TEMP%\svchost.exe
- %APPDATA%\Roaming\wordengine\wordengine.scr
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\User\518a39e3-0a9c-4321-a816-b2e6e3b97c25
- C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch
- C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol
- DNS ASK dn#.##ftncsi.com
- DNS ASK un####nline-ng.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''