Техническая информация
- %APPDATA%\Thinstall\pp\%TEMP%\RarSFX0\Server1.exe
- <SYSTEM32>\netsh.exe firewall set opmode disable (отключает брандмауэр Windows)
- <SYSTEM32>\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f (отключает контроль учётных записей, UAC)
- <SYSTEM32>\netsh.exe
- <SYSTEM32>\reg.exe
- %APPDATA%\Thinstall\pp\%Temp%\2520
- %APPDATA%\Thinstall\pp\%Local AppData%\GDIPFONTCACHEV1.DAT
- %APPDATA%\Thinstall\pp\SKEL\2524-2.manifest
- %APPDATA%\Thinstall\pp\SKEL\2600-5.manifest
- %APPDATA%\Thinstall\pp\SKEL\2600-4.manifest
- %APPDATA%\Thinstall\pp\SKEL\2600-3.manifest
- %APPDATA%\Thinstall\pp\Registry.rw.tvr
- %APPDATA%\Thinstall\pp\Registry.rw.tvr.lck.CRNJEUFU.ffffffff9a8
- %APPDATA%\Thinstall\pp\SKEL\2524-1.manifest
- %APPDATA%\Thinstall\pp\%Temp%\RarSFX0\Server1.exe
- %APPDATA%\Thinstall\pp\Registry.tlog
- %APPDATA%\Thinstall\pp\SKEL\2600-4.manifest
- %APPDATA%\Thinstall\pp\SKEL\2600-5.manifest
- %APPDATA%\Thinstall\pp\SKEL\2600-3.manifest
- %APPDATA%\Thinstall\pp\SKEL\2524-1.manifest
- %APPDATA%\Thinstall\pp\SKEL\2524-2.manifest
- %APPDATA%\Thinstall\pp\Registry.rw.tvr.lck.CRNJEUFU.ffffffff9a8 в %APPDATA%\Thinstall\pp\Registry.rw.tvr.lck
- 'ha####c.myvnc.com':1604
- DNS ASK ha####c.myvnc.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''