Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Cryptography Service] 'Start' = '00000002'
- %WINDIR%\Speech\Crypto\updtr.exe
- %WINDIR%\Speech\Crypto\WindowsCryptographyService.exe
- <SYSTEM32>\systeminfo.exe
- <SYSTEM32>\net1.exe start "Windows Cryptography Service"
- <SYSTEM32>\taskkill.exe /IM taskhost.exe /F
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe WindowsCryptographyService.exe
- %WINDIR%\Speech\Crypto\WindowsCryptographyService.InstallLog
- %WINDIR%\Speech\Crypto\InstallUtil.InstallLog
- %WINDIR%\Speech\Crypto\WindowsCryptographyService.InstallState
- %WINDIR%\Speech\Crypto\logu.txt
- %WINDIR%\Speech\Crypto\log.txt
- %WINDIR%\Speech\Crypto\insler.log
- <Текущая директория>\inLog.txt
- %WINDIR%\Speech\Crypto\WindowsCryptographyService.exe
- %WINDIR%\Speech\Crypto\cfg.txt
- %WINDIR%\Speech\Crypto\updtr.exe
- '12#.#.65.203':80
- '20#.#0.156.220':8081
- 'wp#d':80
- wp#d/wpad.dat
- 12#.#.65.203/manager/relay.jsp?ID####################################################
- DNS ASK wp#d
- ClassName: '' WindowName: ''