Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\John Record.lnk
- '%APPDATA%\Being her\Class point.exe'
- '<SYSTEM32>\cmd.exe' /c echo [zoneTransfer]ZoneID = 2 > "%APPDATA%\Being her\Class point.exe":ZONE.identifier
- %HOMEPATH%\My Documents\ukf40uvt.y1p
- %APPDATA%\Being her\Class point.exe:ZONE.identifier
- C:\b765904e95ccbfe8a9be0edda6c55c6920e5fc5a
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\7396C420A8E1BC1DA97F1AF0D10BAD21
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\696F3DE637E6DE85B458996D49D759AD
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\7396C420A8E1BC1DA97F1AF0D10BAD21
- C:\b765904e95ccbfe8a9be0edda6c55c6920e5fc5a
- %HOMEPATH%\My Documents\ukf40uvt.y1p в %APPDATA%\Being her\Class point.exe
- 'bu#.##namic-dns.net':1603
- '20#.#6.232.182':80
- 'wp#d':80
- http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl via 20#.#6.232.182
- http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl via 20#.#6.232.182
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK bu#.##namic-dns.net
- DNS ASK crl.microsoft.com
- DNS ASK wp#d