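Техническая информация

Примечание: символ «#» в сетевых адресах и именах узлов ниже, по-видимому, заменяет скрытые символы, поэтому такие значения не годятся для точного сопоставления индикаторов. Повторяющиеся пути, вероятно, относятся к разным разделам отчёта, подзаголовки которых здесь не сохранились.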
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MobileServices' = '"%ProgramFiles%\ShellDir\MobileServices.exe"'
- '%ProgramFiles%\ShellDir\MobileServices.exe'
- '%ProgramFiles%\ShellDir\MobileServices.exe'
- '<SYSTEM32>\ntvdm.exe' -f -i1
- '%TEMP%\ShellDir\MobileServices.exe'
- <Текущая директория>\63.exe
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9
- %ProgramFiles%\ShellDir\MobileServices.exe
- %TEMP%\svhost.exe
- %TEMP%\ShellDir\melt.bat
- %TEMP%\ShellDir\MobileServices.exe
- %TEMP%\ShellDir\MobileServices.exe
- %ProgramFiles%\ShellDir\MobileServices.exe
- <Полный путь к файлу>
- <Текущая директория>\63.exe
- %TEMP%\ShellDir\melt.bat
- %WINDIR%\Temp\scs2.tmp
- %TEMP%\svhost.exe
- %WINDIR%\Temp\scs1.tmp
- %TEMP%\svhost.exe
- 'cv#.##rvusnet.xyz':19486
- '20#.#6.232.182':80
- 'wp#d':80
- http://crl.microsoft.com/pki/crl/products/CSPCA.crl via 20#.#6.232.182
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK cv#.##rvusnet.xyz
- DNS ASK crl.microsoft.com
- DNS ASK wp#d
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-be8.bec.380001'