Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'erhtgn' = '%TEMP%\repair.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe' 2996 <Full path to file> 2900
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "erhtgn" /t REG_SZ /d "%TEMP%\repair.exe
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe
- %ALLUSERSPROFILE%\Application Data\CRNJEUFU_11_25_1_39_1.jpg
- %TEMP%\repair.exe
- 'pe####xing.in.net':80
- '20#.#6.232.182':80
- 'wp#d':80
- http://pe####xing.in.net/gentifour-3rdApril-3rdMar/post.php?ty##########################################################
- http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl via 20#.#6.232.182
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK pe####xing.in.net
- DNS ASK crl.microsoft.com
- DNS ASK wp#d