Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\BootSys.url
- '' (загружен из сети Интернет)
- <SYSTEM32>\TsWpfWrp.exe
- <SYSTEM32>\clipsrv.exe
- %TEMP%\cbrvh2z5.0.cs
- %TEMP%\cbrvh2z5.cmdline
- %TEMP%\cbrvh2z5.out
- C:\23ef5514-3059-436f-a4a7-4cefaab20eb1\fa6a3.exe
- %TEMP%\cbrvh2z5.out
- %TEMP%\cbrvh2z5.0.cs
- %TEMP%\cbrvh2z5.cmdline
- <Полный путь к файлу> в C:\23ef5514-3059-436f-a4a7-4cefaab20eb1\fa6a3.exe
- 'wp#d':80
- 'ip###ger.com':443
- '10#.#34.34.48':80
- http://11#.#11.111.1/wpad.dat via wp#d
- http://10#.#34.34.48/builds/f707db00b39990ed0bdacadf4603106f/Gefest.exe
- DNS ASK wp#d
- DNS ASK ip###ger.com
- '<SYSTEM32>\mqsvc.exe' /create /tn 23ef5514-3059-436f-a4a7-4cefaab20eb1 /tr "rundll32.exe url.dll,OpenURLA "\23ef5514-3059-436f-a4a7-4cefaab20eb1\fa6a3.exe"" /st 00:00 /sc daily /du 9999:59 /ri 10 /f
- '<SYSTEM32>\dplaysvr.exe' /create /tn 23ef5514-3059-436f-a4a7-4cefaab20eb1 /tr "rundll32.exe url.dll,OpenURLA "\23ef5514-3059-436f-a4a7-4cefaab20eb1\fa6a3.exe"" /st 00:00 /sc daily /du 9999:59 /ri 10 /f
- '<SYSTEM32>\TsWpfWrp.exe' /create /tn 23ef5514-3059-436f-a4a7-4cefaab20eb1 /tr "rundll32.exe url.dll,OpenURLA "\23ef5514-3059-436f-a4a7-4cefaab20eb1\fa6a3.exe"" /st 00:00 /sc daily /du 9999:59 /ri 10 /f
- '<SYSTEM32>\clipsrv.exe'
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\cbrvh2z5.cmdline"