Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WinResSync' = '<SYSTEM32>\regsvr32.exe /s "%APPDATA%\Microsoft\Protect\a65561-cfbae1-1fc0c988-41bfa0-5cf0.rs"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'WinResSync' = '<SYSTEM32>\regsvr32.exe /s "%APPDATA%\Microsoft\Protect\a65561-cfbae1-1fc0c988-41bfa0-5cf0.rs"'
- <SYSTEM32>\services.exe
- <SYSTEM32>\lsass.exe
- <SYSTEM32>\lsm.exe
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\wudfhost.exe
- <SYSTEM32>\wbem\wmiprvse.exe
- <SYSTEM32>\smss.exe
- <SYSTEM32>\wininit.exe
- %APPDATA%\microsoft\protect\a65561-cfbae1-1fc0c988-41bfa0-5cf0.rs
- %APPDATA%\microsoft\protect\a65561-cfbae1-1fc0c988-41bfa0-5cf0.tpl
- %APPDATA%\microsoft\protect\once
- http://we##.proxx.net/ping
- http://google.com/
- http://16#.#72.20.152/multi/check.php
- DNS ASK we##.proxx.net
- DNS ASK google.com
- DNS ASK ms######s-prdw.navyfcu.org
- '<SYSTEM32>\regsvr32.exe' /s "%APPDATA%\Microsoft\Protect\a65561-cfbae1-1fc0c988-41bfa0-5cf0.rs"