Техническая информация
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe'
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\hrjsrt" /XML "%TEMP%\z389"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- [<HKCU>\Software\IMVU\username]
- %TEMP%\z389
- %ALLUSERSPROFILE%\Application Data\CRNJEUFU_11_1_15_31_1.jpg
- %APPDATA%\afgio.exe
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
- %TEMP%\z389
- 'www.ma###maths.ru':80
- 'www.download.windowsupdate.com':80
- 'wp#d':80
- http://www.ma###maths.ru/obasi10oct-10nov/post.php?ty##########################################################
- http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK ca#####.digicert.com
- DNS ASK www.ma###maths.ru
- DNS ASK wp#d
- DNS ASK www.download.windowsupdate.com