Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'AcrobatUpdater' = '%TEMP%\svchost.exe'
- '%TEMP%\svchost.exe'
- '<SYSTEM32>\msiexec.exe' -Embedding B7D0DC51222E81179FAD03CADF15A824
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\msiexec.exe' /i "%TEMP%\Proof.msi"
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD
- %WINDIR%\Installer\MSI1.tmp
- %TEMP%\MSI1c724.LOG
- %WINDIR%\Installer\MSI2.tmp
- %TEMP%\Proof.msi
- %TEMP%\svchost.exe
- %TEMP%\svchost.dat
- %WINDIR%\Installer\1d4c0.msi
- %TEMP%\1c723.msi
- %WINDIR%\Installer\MSI1.tmp
- '20#.#6.232.182':80
- 'wp#d':80
- 'www.up####-drivers.cc':80
- 20#.#6.232.182/pki/crl/products/CodeSignPCA2.crl
- wp#d/wpad.dat
- www.up####-drivers.cc/upd/check.php?ve###################
- DNS ASK wp#d
- DNS ASK crl.microsoft.com
- DNS ASK www.av###eck.org
- DNS ASK www.up####-drivers.cc
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'