Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'WinUpdate' = '%APPDATA%\Microsoft\Windows\services.exe'
- '%APPDATA%\Microsoft\Windows\services.exe' "<Полный путь к вирусу>"
- %APPDATA%\Microsoft\Windows\services.exe
- %APPDATA%\Microsoft\Windows\services.exe
- 'th###59878.com':51300
- 'dr###57289.com':35101
- 'in###7150.net':35103
- 'dr###53289.com':35101
- '17#.#08.179.162':37502
- '17#.#08.179.162':37504
- '17#.#08.179.162':37500
- '17#.#08.179.162':37501
- 'bl###3331.org':35104
- '17#.#08.179.162':37503
- 'th###59877.com':37500
- DNS ASK th###59878.com
- DNS ASK in###7150.net
- DNS ASK dr###53289.com
- DNS ASK bl###3331.org
- DNS ASK th###59877.com
- DNS ASK dr###57289.com