Technical Information
- <SYSTEM32>\tasks\yvtr9fvosnrzmjw
- <SYSTEM32>\tasks\ieppas0etwa
- <SYSTEM32>\tasks\t-2-1-38-1267056825-1068476469-1090712307-4194\{9yg29lm-scua-evsx-yf1y-xc6h519uirf}
- %LOCALAPPDATA%\google\chrome\user data\default\web data
- %HOMEPATH%\desktop\cveuropeo.doc
- %HOMEPATH%\desktop\ovp25012015.doc
- %HOMEPATH%\desktop\file_p_00000000_1371597592.docx
- %HOMEPATH%\desktop\glidescope_review_rev_010.docx
- %HOMEPATH%\desktop\holycrosschurchinstructions.docx
- %HOMEPATH%\desktop\sdszfo.docx
- %HOMEPATH%\desktop\thlps_keeper_mayer_1965.docx
- %TEMP%\xwdcp
- %TEMP%\~aotxygr.tmp
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\screen.jpg
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\desktop txt files\cveuropeo.doc
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\desktop txt files\ovp25012015.doc
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\desktop txt files\file_p_00000000_1371597592.docx
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\desktop txt files\glidescope_review_rev_010.docx
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\desktop txt files\holycrosschurchinstructions.docx
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\desktop txt files\sdszfo.docx
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\desktop txt files\thlps_keeper_mayer_1965.docx
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\steam\config\config.vdf
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\steam\инструкция по установке.txt
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\steam\config\dialogconfig.vdf
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\telegram\d877f783d5d3ef8c\map0
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\telegram\инструкция по установке.txt
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\telegram\d877f783d5d3ef8c1
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\information.txt
- %TEMP%\aut9ade.tmp
- %APPDATA%\wow64_microsoft-windows-devices-custom\chxreadingstringime.module.exe.2
- %APPDATA%\wow64_microsoft-windows-devices-custom\chxreadingstringime.module.exe
- %TEMP%\aut35a9.tmp
- %APPDATA%\wow64_microsoft-windows-devices-custom\enu_4687fe97b85aab662535.7z
- %APPDATA%\wow64_microsoft-windows-devices-custom\chxreadingstringime.sqlite3.module.dll
- %TEMP%\aut347f.tmp
- %TEMP%\202447137.exe
- %APPDATA%\curl.dll
- %APPDATA%\svchost.dll
- %APPDATA%\sise.dll
- %APPDATA%\curl.exe
- %TEMP%\svchost.exe
- %APPDATA%\sise.exe
- %APPDATA%\wow64_microsoft-windows-devices-custom\enu_4687fe97b85aab662535
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\history\low\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\index.dat
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\hdljf0gd\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\jdz5m7uu\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\raey7oza\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\fkru5ke7\desktop.ini
- %APPDATA%\microsoft\windows\cookies\low\index.dat
- %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\index.dat
- %APPDATA%\wow64_microsoft-windows-devices-custom\chxreadingstringime.sqlite3.module.dll.2
- %APPDATA%\wow64_microsoft-windows-devices-custom\shortinformation.txt
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\hdljf0gd\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\jdz5m7uu\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\raey7oza\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\fkru5ke7\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\history\low\desktop.ini
- %APPDATA%\svchost.dll
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\telegram\d877f783d5d3ef8c1
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\steam\config\dialogconfig.vdf
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\steam\config\config.vdf
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\steam\инструкция по установке.txt
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\desktop txt files\thlps_keeper_mayer_1965.docx
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\desktop txt files\sdszfo.docx
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\desktop txt files\ovp25012015.doc
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\desktop txt files\holycrosschurchinstructions.docx
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\desktop txt files\glidescope_review_rev_010.docx
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\desktop txt files\file_p_00000000_1371597592.docx
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\desktop txt files\cveuropeo.doc
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\screen.jpg
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\information.txt
- %APPDATA%\wow64_microsoft-windows-devices-custom\chxreadingstringime.module.exe
- %APPDATA%\wow64_microsoft-windows-devices-custom\chxreadingstringime.module.exe.2
- %TEMP%\aut9ade.tmp
- %APPDATA%\wow64_microsoft-windows-devices-custom\chxreadingstringime.sqlite3.module.dll
- %TEMP%\aut35a9.tmp
- %APPDATA%\wow64_microsoft-windows-devices-custom\chxreadingstringime.sqlite3.module.dll.2
- %TEMP%\aut347f.tmp
- %APPDATA%\sise.exe
- %APPDATA%\curl.dll
- %APPDATA%\sise.dll
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\telegram\инструкция по установке.txt
- %APPDATA%\wow64_microsoft-windows-devices-custom\1\telegram\d877f783d5d3ef8c\map0
- from %TEMP%\svchost.exe to %APPDATA%\wow64_microsoft-windows-devices-custom\chxreadingstringime.exe
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK ma##r.info
- DNS ASK b.####aforenon.ru
- DNS ASK google-public-dns-a.google.com
- DNS ASK ap#.##legram.org
- DNS ASK ip##i.co
- DNS ASK microsoft.com
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\202447137.exe'
- '%APPDATA%\curl.dll' -s -pfzxcbvzngdvbndgvhbdf
- '%APPDATA%\svchost.dll' -s -pgnrgdnharsfhnyrgmj
- '%TEMP%\svchost.exe'
- '%APPDATA%\sise.dll' -s -pdfgsfgetrst4wrfgrsdgt43wrsdgresfga
- '%APPDATA%\sise.exe'
- '%APPDATA%\wow64_microsoft-windows-devices-custom\chxreadingstringime.exe'
- '%APPDATA%\wow64_microsoft-windows-devices-custom\chxreadingstringime.module.exe' a -y -mx9 -ssw "%APPDATA%\wow64_microsoft-windows-devices-custom\ENU_4687FE97B85AAB662535.7z" "%APPDATA%\wow64_microsoft-windows-devices-custom\1\*"
- '%APPDATA%\wow64_microsoft-windows-devices-custom\chxreadingstringime.module.exe' a -y -mx9 -ssw "%APPDATA%\wow64_microsoft-windows-devices-custom\ENU_4687FE97B85AAB662535.7z" "%APPDATA%\wow64_microsoft-windows-devices-custom\1\*"' (with hidden window)
- '%WINDIR%\syswow64\attrib.exe' +s +h "%APPDATA%\wow64_microsoft-windows-devices-custom"' (with hidden window)
- '%APPDATA%\wow64_microsoft-windows-devices-custom\chxreadingstringime.exe' ' (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' <SYSTEM32>\shell32.dll,OpenAs_RunDLL %TEMP%\XWDcp
- '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\syswow64\WININET.dll",DispatchAPICall 1
- '%WINDIR%\syswow64\attrib.exe' +s +h "%APPDATA%\wow64_microsoft-windows-devices-custom"
- '<SYSTEM32>\taskeng.exe' {696E4113-7A75-41F2-A5FD-06995274E263} S-1-5-21-1960123792-2022915161-3775307078-1001:vvkjzuxk\user:Interactive:[1]