Техническая информация
- Файл в папке автозагрузки (Startup): %HOMEPATH%\Start Menu\Programs\Startup\ad8654109fde5941fb4c21b40b9bcac2.exe
- Ключ реестра (список разрешённых приложений брандмауэра Windows, стандартный профиль): [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\winupdates.exe' = '%TEMP%\winupdates.exe:*:Enabled:winupdates.e...
- '%TEMP%\winupdates.exe'
- Команда добавления программы в список разрешённых приложений брандмауэра: '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\winupdates.exe" "winupdates.exe" ENABLE
- '%TEMP%\winupdates.exe'
- winupdates.exe
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1
- %TEMP%\winupdates.exe
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
- 'to#####i18@gmail.com':5552
- 'crl.verisign.com':80
- 'wp#d':80
- http://crl.verisign.com/Class3CodeSigning2001.crl
- http://crl.verisign.com/pca3.crl
- http://11#.#11.111.1/wpad.dat через узел wp#d
- DNS-запрос: to#####i18@gmail.com
- DNS-запрос: crl.verisign.com
- DNS-запрос: wp#d