Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Internet Name Service] 'Start' = '00000002'
- %WINDIR%\Temp\13356 -u "<SYSTEM32>\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\"
- <SYSTEM32>\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe /Service
- %WINDIR%\Temp\13356
- <SYSTEM32>\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\queries-02.cache
- <SYSTEM32>\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe
- 'be##.#cpsynack.com':80
- 'be##.tcpfin.com':80
- 'be##.tcprst.com':80
- be##.#cpsynack.com/update2.php
- be##.tcpfin.com/update2.php
- be##.tcpfin.com/drm_check.php
- be##.tcprst.com/drm_check.php
- DNS ASK be##.#cpsynack.com
- DNS ASK be##.#eadrelay.com
- DNS ASK be##.tcprst.com
- DNS ASK be##.tcpfin.com