Техническая информация
- 'C:\fPiXc85.tmp\taskhostfy.exe'
- '<SYSTEM32>\wscript.exe' "C:\fPiXc85.tmp\oiWHregv.vbs"
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "C:\fPiXc85.tmp\taskhostfy.exe "DNS" ENABLE
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="DNS" dir=in action=allow program="C:\fPiXc85.tmp\taskhostfy.exe"
- ClassName: '', WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass', WindowName: ''
- ClassName: '', WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'FilemonClass', WindowName: ''
- ClassName: '', WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- %APPDATA%\RUT_settings\Logs\rms_log_2017-11.html
- C:\fPiXc85.tmp\oiWHregv.vbs
- C:\fPiXc85.tmp\taskhostfy.exe
- C:\fPiXc85.tmp\taskhostfy.exe
- C:\fPiXc85.tmp\oiWHregv.vbs
- 'ru##ls.com':563
- 'ru##ls.com':5655
- 'ru##ls.com':80
- http://ru##ls.com/utils/inet_id_notify.php?te####
- DNS ASK se####.rutils.com
- DNS ASK ru##ls.com
- ClassName: '' WindowName: 'Windows Security Alert'
- ClassName: '18467-41' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: '' WindowName: 'Оповещение системы безопасности Windows'