Техническая информация
- '%TEMP%\KTXHJ.exe'
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\schtasks.exe' /Create /TN "Windows Inc\Windows Inc" /XML "%APPDATA%\Windows Inc\aCCCCC.xml"
- <SYSTEM32>\svchost.exe
- ClassName: 'Filemonclass', WindowName: ''
- ClassName: 'Regmonclass', WindowName: ''
- %TEMP%\KTXHJ.exe
- <SYSTEM32>\.IgHiJkLiO
- %APPDATA%\Windows Inc\WindowsInc.exe
- %APPDATA%\Windows Inc\aCCCCC.xml
- <SYSTEM32>\.IgHiJkLiO
- %APPDATA%\Windows Inc\aCCCCC.xml
- 'be####us.ns1.name':8080
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK be####us.ns1.name
- DNS ASK wp#d
- ClassName: '18467-41' WindowName: ''
- ClassName: '4823-00000029' WindowName: ''