Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\KeyPress.url
- %ALLUSERSPROFILE%\Application Data\BELEZASOFT\finglitec_80061400052600.dll
- %ALLUSERSPROFILE%\Application Data\BELEZASOFT\25d873fa-87e0-4609-b133-9bfd00e85bfa.vbs
- 'wp#d':80
- 'si######ladooeste.online':80
- http://11#.#11.111.1/wpad.dat via wp#d
- http://si######ladooeste.online/finglitec_80061400052600.dll
- http://si######ladooeste.online/25d873fa-87e0-4609-b133-9bfd00e85bfa.vbs
- DNS ASK wp#d
- DNS ASK si######ladooeste.online
- '<SYSTEM32>\cscript.exe' //B //Nologo %ALLUSERSPROFILE%\Application Data\BELEZASOFT\25d873fa-87e0-4609-b133-9bfd00e85bfa.vbs