Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\pcAnywhere] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\pcAnywhere] 'ImagePath' = '%WINDIR%\pcawhere\thinprobe.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\system-215750] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\system-215750] 'ImagePath' = '%WINDIR%\pcawhere\thinprobe.exe'
  (Значение 'Start' = 2 означает автоматический запуск службы при загрузке системы; обе службы, pcAnywhere и system-215750, указывают на один и тот же исполняемый файл.)
- '%WINDIR%\pcawhere\thinprobe.exe'
- '%TEMP%\7z289C0B30\thinprobe.exe'
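- '<SYSTEM32>\svchost.exe' -daemon (штатно svchost.exe запускается с параметром -k <группа служб>; параметр -daemon для него нетипичен, поэтому такая командная строка может служить признаком для обнаружения)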
- <SYSTEM32>\svchost.exe
- %TEMP%\7z289C0B30\thinhostprobedll.dll
- %WINDIR%\pcawhere\config.ini
- %TEMP%\7z289C0B30\thumb.db
- %TEMP%\7z289C0B30\thinprobe.exe
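- %TEMP%\7z289C0B30\thumb.db в %WINDIR%\pcawhere\thumb.db
- %TEMP%\7z289C0B30\thinhostprobedll.dll в %WINDIR%\pcawhere\thinhostprobedll.dll
- %TEMP%\7z289C0B30\thinprobe.exe в %WINDIR%\pcawhere\thinprobe.exe
  (Слева указан исходный путь во временном каталоге, справа — конечный путь в %WINDIR%\pcawhere. Имя каталога 7z289C0B30, вероятно, создаётся при распаковке и может отличаться от запуска к запуску, поэтому при поиске надёжнее опираться на пути в %WINDIR%\pcawhere.)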
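- 'wp#d':80
- '10#.#24.80.86':443
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK wp#d
  (Символом # в именах узлов и адресах, по-видимому, замаскированы отдельные символы, поэтому эти значения нельзя использовать как точные индикаторы. Запрос wpad.dat и DNS-запрос того же имени обычно связаны с автоматическим обнаружением прокси-сервера (WPAD) самой системой и сами по себе могут не относиться к данной программе.)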