Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\wpjukn] 'Start' = '00000002' (значение 2 соответствует автоматическому запуску службы при загрузке системы)
- <SYSTEM32>\sc.exe start wpjukn
- <SYSTEM32>\sc.exe stop wpjukn
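- <SYSTEM32>\sc.exe create wpjukn type= kernel binpath= "%ALLUSERSPROFILE%\Application Data\LVSEUSL\wpjukn.bin" start= auto (регистрируется драйвер режима ядра с автозапуском; образ драйвера находится в каталоге профиля All Users, а не в каталоге системных драйверов, что само по себе служит признаком для обнаружения)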
- <SYSTEM32>\sc.exe stop null (останавливается служба с именем null — так называется стандартный системный драйвер Windows Null)
- <SYSTEM32>\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\pab[1].php
- <SYSTEM32>\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\wpad[1].dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\wpad[1].dat
- %ALLUSERSPROFILE%\Application Data\LVSEUSL\snt1886.lex
- %TEMP%\1.tmp
- %ALLUSERSPROFILE%\Application Data\LVSEUSL\wpjukn.bin
- %ALLUSERSPROFILE%\Application Data\LVSEUSL\wpjukn.bin
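- 'wpad.localdomain':80 (вероятно, запрос автообнаружения прокси WPAD в локальном домене анализирующей системы, а не адрес управляющего сервера; то же относится к остальным записям с wpad.localdomain)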
- 'up##.21civ.com':80 (символы «#» здесь и ниже, по-видимому, заменяют знаки, скрытые при публикации)
- 'rp##.21civ.com':80
- up##.21civ.com/pab.php?b=######################################
- wpad.localdomain/wpad.dat
- rp##.21civ.com/az.php?st###############################
- rp##.21civ.com/wb.php?o=#####################
- DNS ASK wpad.localdomain
- DNS ASK up##.21civ.com
- DNS ASK rp##.21civ.com