Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'MSlG9bnqD9BRLumT67c4ld1ap09HQ635iQsvD3Vz0l1JC' = 'rundll32.exe "%TEMP%\MSlG9bnqD9BRLumT67c4ld1ap09HQ635iQsvD3Vz0l1JC.tmp", DoEntryAction'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'B3K1pfs5xJ' = 'rundll32.exe "%TEMP%\B3K1pfs5xJ.tmp", DoEntryAction'
- [<HKLM>\SYSTEM\ControlSet001\Services\BITS] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- '<SYSTEM32>\netsh.exe' firewall set opmode enable
- %TEMP%\BIT2.tmp
- %TEMP%\BIT1.tmp
- %TEMP%\BIT2.tmp в %TEMP%\MSlG9bnqD9BRLumT67c4ld1ap09HQ635iQsvD3Vz0l1JC.tmp (конечное имя совпадает с целью rundll32.exe в первой записи RunOnce выше)
- %TEMP%\BIT1.tmp в %TEMP%\B3K1pfs5xJ.tmp (конечное имя совпадает с целью rundll32.exe во второй записи RunOnce выше)
- 'en########3.jelastic.lunacloud.com':80
- 'localhost':1042
- 'wp#d':80
- 'localhost':1040
- en########3.jelastic.lunacloud.com/coletor.tmp
- en########3.jelastic.lunacloud.com/VVVCyUUrGw59VyQy0xYG3n48c889H5u.tmp
- wp#d/wpad.dat
- DNS ASK en########3.jelastic.lunacloud.com
- DNS ASK wp#d