Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\BITS] 'Start' = '00000002' (значение 2 — автоматический запуск службы BITS при старте системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000' (значение 0 — исключения брандмауэра Windows в стандартном профиле разрешены)
- '<SYSTEM32>\rundll32.exe' "%TEMP%\1U7dMZ23tqm2nrwA2TOvD9T9l43jWy2lLVGzeyAQU3dIj3.tmp", DoEntryAction
- '<SYSTEM32>\rundll32.exe' "%TEMP%\AP5SDv6Bz8hBuVe.tmp", DoEntryAction
- '<SYSTEM32>\netsh.exe' firewall set opmode enable
- %TEMP%\BIT2.tmp
- %TEMP%\BIT1.tmp
- из %TEMP%\BIT2.tmp в %TEMP%\1U7dMZ23tqm2nrwA2TOvD9T9l43jWy2lLVGzeyAQU3dIj3.tmp
- из %TEMP%\BIT1.tmp в %TEMP%\AP5SDv6Bz8hBuVe.tmp
- 'en#####4310.mpaas.io':80
- 'localhost':1042
- 'wp#d':80
- 'localhost':1040
- en#####4310.mpaas.io/coletor.tmp
- en#####4310.mpaas.io/a10z17Pa9tLWNe6yu7NXjwvqpW251xR.tmp
- wp#d/wpad.dat
- DNS ASK en#####4310.mpaas.io
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: ''