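Техническая информация

Примечание: символ «#» в путях, именах доменов и адресах ниже, по-видимому, маскирует часть значения (ср. «awwwww.xm#» и «awwwww.xml», «wp#d» и «wpad.dat»), поэтому такие строки не годятся для точного сопоставления как индикаторы. Подзаголовки разделов списка в этом фрагменте не сохранились; повторяющиеся пути, вероятно, относятся к разным категориям действий.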
- '%TEMP%\cetrainers\CET1.tmp\extracted\RQKXJ.exe' "%TEMP%\cetrainers\CET1.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:%TEMP%\"
- '%TEMP%\cetrainers\CET1.tmp\RQKXJ.exe' -ORIGIN:"%TEMP%\"
- '%TEMP%\RQKXJ.exe'
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\schtasks.exe' /Create /TN "Windows Inc\Windows Inc" /XML "%APPDATA%\Windows Inc\awwwww.xm#"
- <SYSTEM32>\svchost.exe
- %TEMP%\RQKXJ.exe
- <SYSTEM32>\.IgHiJkLiO
- %APPDATA%\Windows Inc\WindowsInc.exe
- %APPDATA%\Windows Inc\awwwww.xml
- <SYSTEM32>\.IgHiJkLiO
- %TEMP%\cetrainers\CET1.tmp\extracted\CET_TRAINER.CETRAINER
- %APPDATA%\Windows Inc\awwwww.xml
- 'be####us.user32.com':8080
- 'be####us.ns1.name':8080
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK be####us.user32.com
- DNS ASK be####us.ns1.name
- DNS ASK wp#d