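Техническая информация
Примечание: символы «#» в сетевых адресах ниже, по-видимому, маскируют часть значения, поэтому такие индикаторы неполные и не подходят для точного сопоставления. Записи <HKCU>, <SYSTEM32> и %APPDATA% — подстановки, а не буквальные пути. google.com и ttvnw.net — легитимные домены; обращение к ним само по себе не является признаком заражения и имеет значение только вместе с остальными индикаторами.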
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WinResSync' = '<SYSTEM32>\regsvr32.exe /s "%APPDATA%\Microsoft\Protect\e65561-1acfe1-e3cb2684-8d52b0-eca0.rs"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'WinResSync' = '<SYSTEM32>\regsvr32.exe /s "%APPDATA%\Microsoft\Protect\e65561-1acfe1-e3cb2684-8d52b0-eca0.rs"'
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\wudfhost.exe
- <SYSTEM32>\wbem\wmiprvse.exe
- <SYSTEM32>\smss.exe
- %APPDATA%\microsoft\protect\e65561-1acfe1-e3cb2684-8d52b0-eca0.rs
- %APPDATA%\microsoft\protect\e65561-1acfe1-e3cb2684-8d52b0-eca0.tpl
- %APPDATA%\microsoft\protect\once
- http://we##.proxx.net/ping
- http://google.com/
- http://16#.#72.20.152/multi/check.php
- DNS ASK we##.proxx.net
- DNS ASK google.com
- DNS ASK vi########er.waw01.hls.ttvnw.net
- '<SYSTEM32>\regsvr32.exe' /s "%APPDATA%\Microsoft\Protect\e65561-1acfe1-e3cb2684-8d52b0-eca0.rs"