Technical information
- %APPDATA%\microsoft\windows\start menu\programs\startup\projectx.lnk
- %APPDATA%\microsoft\windows\start menu\programs\cocbuilder server's\projectx\projectx.lnk
- %HOMEPATH%\desktop\projectx.lnk
- %TEMP%\tmp79ca.tmp
- %TEMP%\tmp79f9.tmp
- %TEMP%\tmp7a48.tmp
- %TEMP%\tmp79ca.tmp
- %TEMP%\tmp7a48.tmp
- 'ap#.##cbuilder.su':443
- http://os##.#ocbuilder.su/Main/RevokeList.crl
- http://os##.#ocbuilder.su/CodeSigning/1/RevokeList.crl
- http://oc##.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D
- DNS ASK os##.#ocbuilder.su
- DNS ASK oc##.thawte.com
- DNS ASK ap#.##cbuilder.su
- DNS ASK ga###.#ytescience.pro
- '<SYSTEM32>\wisptis.exe' /ManualLaunch;' (with hidden window)
- '<SYSTEM32>\wisptis.exe' /ManualLaunch;
- '<SYSTEM32>\route.exe' delete 85.119.149.111
- '<SYSTEM32>\netsh.exe' advfirewall firewall delete rule remoteip=85.119.149.111 name=all
- '<SYSTEM32>\netsh.exe' advfirewall firewall delete rule remoteip=85.119.149.111/31 name=all
- '<SYSTEM32>\netsh.exe' advfirewall firewall delete rule dir=out name=all