Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\server.exe' = '%TEMP%\server.exe:*:Enabled:server.exe'
- '%TEMP%\server.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\server.exe" "server.exe" ENABLE
- '<LS_APPDATA>bCFtIz_xsF.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen <LS_APPDATA>hHIPTmGREi.jpg
- %TEMP%\server.exe
- <LS_APPDATA>hHIPTmGREi.jpg
- <LS_APPDATA>bCFtIz_xsF.exe
- 'pa###bin.com':80
- 'wp#d':80
- '14#.#05.70.30':1177
- http://pa###bin.com/raw/YQ0aQh6U
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK pa###bin.com
- DNS ASK wp#d
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''