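Техническая информация
Примечание: подзаголовки разделов в этом фрагменте не сохранились. Судя по формату записей, ниже идут командная строка запускаемого процесса, пути к файлам и сетевая активность (узел и порт, URL-адреса, DNS-запрос). Какие операции выполнялись с файлами (создание, изменение, удаление), по этому фрагменту определить нельзя; повторяющиеся пути, вероятно, относятся к разным разделам. WMIADAP.EXE и файлы WmiApRpl — штатные компоненты Windows и сами по себе не являются индикаторами компрометации. Символы #### в имени домена — маскировка, сделанная источником.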
- '<SYSTEM32>\wbem\WMIADAP.EXE' /F /T /R
- C:\ProgramData\Microsoft\RAC\Temp\sql279D.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql277C.tmp
- <SYSTEM32>\LogFiles\Scm\9d774a32-03f6-4092-9d56-19bb0dc4f0e9
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\0h[1].zip
- %TEMP%\black.txt
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\129495830[1].zip
- %WINDIR%\inf\WmiApRpl\WmiApRpl.h
- %WINDIR%\inf\WmiApRpl\0019\WmiApRpl.ini
- <SYSTEM32>\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
- <SYSTEM32>\PerfStringBackup.TMP
- C:\ProgramData\Microsoft\RAC\Temp\sql277C.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql279D.tmp
- %WINDIR%\inf\WmiApRpl\0009\WmiApRpl.ini
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- 'www.ch####appens.com':80
- 'localhost':52887
- www.ch####appens.com/unauthorized/129495830.zip
- www.ch####appens.com/unauthorized/0h.zip
- DNS ASK www.ch####appens.com