Техническая информация
- '%TEMP%\KERIS_APT_1.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\run_and_self_delete.bat" "
- '<SYSTEM32>\wscript.exe' "%TEMP%\run_and_self_delete.vbs"
- %TEMP%\run_and_self_delete.bat
- %TEMP%\KERIS_APT_1.ini
- %TEMP%\run_and_self_delete.vbs
- %TEMP%\{91B9ABC9-DBDE-4A83-B53C-73D1F1BDA5AF}.CBM
- %TEMP%\EUMONBMP.SYS
- %TEMP%\KERIS_APT_1.exe
- %TEMP%\{D44B88D2-CBCF-4877-846F-4102BB35D95E}.CBM
- %TEMP%\{D44B88D2-CBCF-4877-846F-4102BB35D95E}.CBM
- %TEMP%\{91B9ABC9-DBDE-4A83-B53C-73D1F1BDA5AF}.CBM
- %TEMP%\EUMONBMP.SYS
- %TEMP%\KERIS_APT_1.ini
- %TEMP%\run_and_self_delete.vbs
- %TEMP%\~DFA98D.tmp
- %TEMP%\KERIS_APT_1.exe
- '58.##4.238.136':80
- 'localhost':1039
- 58.##4.238.136/keris/run.php?ac################################################################################################################################################################################
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''