Техническая информация
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\Spetnazol" /XML "%TEMP%\1276253466.xml"
- '<SYSTEM32>\schtasks.exe' /Delete /TN "Update\Spetnazol" /F
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6
- %APPDATA%\Monitor\Screenshots\01-17-2017\6.40 AM
- %TEMP%\1276253466.xml
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F
- %TEMP%\1276253466.xml
- из <Полный путь к файлу> в %APPDATA%\Spetnazol\Spetnazol.exe
- 'om####5asm.ddns.net':1863
- 'db#####er2016.ddns.net':1863
- 'cs######0-crl.verisign.com':80
- 'wp#d':80
- 'crl.verisign.com':80
- http://crl.verisign.com/pca3-g5.crl
- http://cs######0-crl.verisign.com/CSC3-2010.crl
- http://11#.#11.111.1/wpad.dat via wp#d
- http://crl.verisign.com/pca3.crl
- DNS ASK om####5asm.ddns.net
- DNS ASK db#####er2016.ddns.net
- DNS ASK cs######0-crl.verisign.com
- DNS ASK wp#d
- DNS ASK crl.verisign.com