Technical information
- %APPDATA%\microsoft\windows\start menu\programs\startup\projectx.lnk
- %APPDATA%\microsoft\windows\start menu\programs\cocbuilder server's\projectx\projectx.lnk
- %HOMEPATH%\desktop\projectx.lnk
- %TEMP%\tmp8d23.tmp
- %TEMP%\tmp8d63.tmp
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %TEMP%\tmp8d23.tmp
- %TEMP%\tmp8d63.tmp
- http://os##.#ocbuilder.su/CodeSigning/1/RevokeList.crl
- http://os##.#ocbuilder.su/Main/RevokeList.crl
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK os##.#ocbuilder.su
- DNS ASK ap#.##cbuilder.su
- DNS ASK ga###.#ytescience.pro
- '<SYSTEM32>\wisptis.exe' /ManualLaunch;' (with a hidden window)
- '<SYSTEM32>\wisptis.exe' /ManualLaunch;
- '<SYSTEM32>\route.exe' delete 85.119.149.111
- '<SYSTEM32>\netsh.exe' advfirewall firewall delete rule remoteip=85.119.149.111 name=all
- '<SYSTEM32>\netsh.exe' advfirewall firewall delete rule remoteip=85.119.149.111/31 name=all
- '<SYSTEM32>\netsh.exe' advfirewall firewall delete rule dir=out name=all