Technical Information
- %WINDIR%\syswow64\explorer.exe
- %WINDIR%\explorer.exe
- wondershare.exe
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\699c4b9cdebca7aaea5193cae8a50098_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %ProgramFiles(x86)%\wondershare recoverit\wondershare.exe
- %TEMP%\xx--xx--xx.txt
- %APPDATA%\logs.dat
- %TEMP%\xxx.xxx
- %TEMP%\uuu.uuu
- %APPDATA%\logs.dat
- %ProgramFiles(x86)%\wondershare recoverit\wondershare.exe
- %TEMP%\xx--xx--xx.txt
- %TEMP%\uuu.uuu
- %TEMP%\xxx.xxx
- %TEMP%\uuu.uuu
- %TEMP%\xxx.xxx
- 'md####e.myvnc.com':80
- 'md####e.myvnc.com':80
- DNS query: md####e.myvnc.com
- '%ProgramFiles(x86)%\wondershare recoverit\wondershare.exe'
- '%ProgramFiles(x86)%\wondershare recoverit\wondershare.exe' (with hidden window)
- '%WINDIR%\syswow64\explorer.exe'