Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'egui' = '"%PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice'
Создает следующие сервисы:
- [<HKLM>\SYSTEM\ControlSet001\Services\easdrv] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\ekrn] 'Start' = '00000002'
Вредоносные функции:
Создает и запускает на исполнение:
- '%TEMP%\7zS1.tmp\msistub.exe' nod32.msi /qb
Запускает на исполнение:
- '<SYSTEM32>\msiexec.exe' -Embedding B1598C8374F3DC43966372F5B605465E
- '<SYSTEM32>\msiexec.exe' -Embedding 4B09CB5CF1A81F64242E3CCED05447C1 M Global\MSI0000
- '<SYSTEM32>\msiexec.exe' /i nod32.msi /qb
- '<SYSTEM32>\msiexec.exe' /V
Изменения в файловой системе:
Создает следующие файлы:
- %TEMP%\NUP2E.tmp
- %TEMP%\NUP2F.tmp
- %TEMP%\NUP2C.tmp
- %TEMP%\NUP2A.tmp
- %TEMP%\NSF2D.tmp
- %TEMP%\NSF31.tmp
- %TEMP%\NSF35.tmp
- %TEMP%\NUP34.tmp
- %TEMP%\NUP32.tmp
- %TEMP%\NUP30.tmp
- %TEMP%\NSF33.tmp
- %TEMP%\NSF25.tmp
- %TEMP%\NUP24.tmp
- %TEMP%\NUP22.tmp
- %TEMP%\NUP20.tmp
- %TEMP%\NSF23.tmp
- %TEMP%\NUP26.tmp
- %TEMP%\NUP28.tmp
- %TEMP%\NSF2B.tmp
- %TEMP%\NSF29.tmp
- %TEMP%\NUP27.tmp
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\em001_32.dat
- %TEMP%\NUP42.tmp
- %TEMP%\NSF45.tmp
- %TEMP%\NSF43.tmp
- %TEMP%\NSF41.tmp
- %TEMP%\NUP40.tmp
- %TEMP%\NUP44.tmp
- %TEMP%\NUP48.tmp
- %TEMP%\NSF4B.tmp
- %TEMP%\NSF49.tmp
- %TEMP%\NUP46.tmp
- %TEMP%\NUP47.tmp
- %TEMP%\NUP38.tmp
- %TEMP%\NSF3B.tmp
- %TEMP%\NSF39.tmp
- %TEMP%\NUP36.tmp
- %TEMP%\NUP37.tmp
- %TEMP%\NUP3A.tmp
- %TEMP%\NUP3F.tmp
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\em002_32.dat
- %TEMP%\NUP3E.tmp
- %TEMP%\NSF3D.tmp
- %TEMP%\NUP3C.tmp
- %TEMP%\NSF21.tmp
- %ALLUSERSPROFILE%\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em004_32_l1.nup
- %ALLUSERSPROFILE%\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l0.nup
- %ALLUSERSPROFILE%\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l2.nup
- %ALLUSERSPROFILE%\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l1.nup
- %ALLUSERSPROFILE%\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em004_32_l0.nup
- %ALLUSERSPROFILE%\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em004_32_l2.nup
- %ALLUSERSPROFILE%\Start Menu\Programs\ESET\ESET NOD32 Antivirus\Belgeler.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\ESET\ESET NOD32 Antivirus\ESET NOD32 Antivirus.lnk
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eguiProduct.dll
- %ALLUSERSPROFILE%\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l1.nup
- %ALLUSERSPROFILE%\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l2.nup
- %ALLUSERSPROFILE%\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em000_32_l0.nup
- %ALLUSERSPROFILE%\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em001_32_l0.nup
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\ekrnEpfwLang.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eplgOELang.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eguiUpdateLang.dll
- %ALLUSERSPROFILE%\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em001_32_l1.nup
- %ALLUSERSPROFILE%\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l0.nup
- %ALLUSERSPROFILE%\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em002_32_l2.nup
- %ALLUSERSPROFILE%\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em002_32_l1.nup
- %ALLUSERSPROFILE%\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em002_32_l0.nup
- %ALLUSERSPROFILE%\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em001_32_l2.nup
- %TEMP%\NSF19.tmp
- %TEMP%\NSF1A.tmp
- %TEMP%\NSF18.tmp
- %TEMP%\NSF16.tmp
- %TEMP%\NSF17.tmp
- %TEMP%\NSF1B.tmp
- %TEMP%\NUP1E.tmp
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\em000_32.dat
- %TEMP%\NSF1F.tmp
- %TEMP%\NSF1C.tmp
- %TEMP%\NSF1D.tmp
- %TEMP%\NSFE.tmp
- %TEMP%\NSFF.tmp
- %WINDIR%\Installer\MSID.tmp
- %ALLUSERSPROFILE%\Start Menu\Programs\ESET\ESET NOD32 Antivirus\Lisans Sozleşmesi.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\ESET\ESET NOD32 Antivirus\Kaldır.lnk
- %TEMP%\NSF10.tmp
- %TEMP%\NSF14.tmp
- %TEMP%\NSF15.tmp
- %TEMP%\NSF13.tmp
- %TEMP%\NSF11.tmp
- %TEMP%\NSF12.tmp
- %TEMP%\NUP4A.tmp
- %TEMP%\NUP84.tmp
- %TEMP%\NUP86.tmp
- %TEMP%\NSF85.tmp
- %TEMP%\NSF83.tmp
- %TEMP%\NUP82.tmp
- %TEMP%\NUP87.tmp
- %TEMP%\NSF8B.tmp
- %TEMP%\NUP8A.tmp
- %TEMP%\NUP88.tmp
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\em005_32.dat
- %TEMP%\NSF89.tmp
- %TEMP%\NSF7B.tmp
- %TEMP%\NUP7A.tmp
- %TEMP%\NUP78.tmp
- %TEMP%\NUP77.tmp
- %TEMP%\NSF79.tmp
- %TEMP%\NSF7D.tmp
- %TEMP%\NSF81.tmp
- %TEMP%\NUP80.tmp
- %TEMP%\NUP7F.tmp
- %TEMP%\NUP7C.tmp
- %TEMP%\NUP7E.tmp
- <SYSTEM32>\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
- <SYSTEM32>\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
- %WINDIR%\Installer\MSI99.tmp
- %TEMP%\NUP97.tmp
- %WINDIR%\Installer\MSI98.tmp
- <SYSTEM32>\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
- %WINDIR%\Installer\MSI9F.tmp
- %TEMP%\CabA0.tmp
- <DRIVERS>\SET9E.tmp
- <SYSTEM32>\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
- %TEMP%\Cab9C.tmp
- %TEMP%\NUP8F.tmp
- %TEMP%\NSF91.tmp
- %TEMP%\NUP8E.tmp
- %TEMP%\NSF8D.tmp
- %TEMP%\NUP8C.tmp
- %TEMP%\NUP90.tmp
- %TEMP%\NUP94.tmp
- %TEMP%\NUP96.tmp
- %TEMP%\NSF95.tmp
- %TEMP%\NSF93.tmp
- %TEMP%\NUP92.tmp
- %TEMP%\NUP76.tmp
- %TEMP%\NUP58.tmp
- %TEMP%\NSF5B.tmp
- %TEMP%\NSF59.tmp
- %TEMP%\NUP57.tmp
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\em003_32.dat
- %TEMP%\NUP5A.tmp
- %TEMP%\NUP5F.tmp
- %TEMP%\NSF61.tmp
- %TEMP%\NUP5E.tmp
- %TEMP%\NSF5D.tmp
- %TEMP%\NUP5C.tmp
- %TEMP%\NUP4F.tmp
- %TEMP%\NSF51.tmp
- %TEMP%\NUP4E.tmp
- %TEMP%\NSF4D.tmp
- %TEMP%\NUP4C.tmp
- %TEMP%\NUP50.tmp
- %TEMP%\NUP54.tmp
- %TEMP%\NUP56.tmp
- %TEMP%\NSF55.tmp
- %TEMP%\NSF53.tmp
- %TEMP%\NUP52.tmp
- %TEMP%\NUP6F.tmp
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\em004_32.dat
- %TEMP%\NUP6E.tmp
- %TEMP%\NSF6D.tmp
- %TEMP%\NUP6C.tmp
- %TEMP%\NSF71.tmp
- %TEMP%\NSF75.tmp
- %TEMP%\NUP74.tmp
- %TEMP%\NUP72.tmp
- %TEMP%\NUP70.tmp
- %TEMP%\NSF73.tmp
- %TEMP%\NSF65.tmp
- %TEMP%\NUP64.tmp
- %TEMP%\NUP62.tmp
- %TEMP%\NUP60.tmp
- %TEMP%\NSF63.tmp
- %TEMP%\NUP66.tmp
- %TEMP%\NSF6B.tmp
- %TEMP%\NUP6A.tmp
- %TEMP%\NUP68.tmp
- %TEMP%\NUP67.tmp
- %TEMP%\NSF69.tmp
- %TEMP%\7zS1.tmp\eplgOELang.dll
- %TEMP%\7zS1.tmp\eplgOutlook.dll
- %TEMP%\7zS1.tmp\eplgOEEmon.dll
- %TEMP%\7zS1.tmp\eplgHooks.dll
- %TEMP%\7zS1.tmp\eplgOE.dll
- %TEMP%\7zS1.tmp\eplgOutlookEmon.dll
- %TEMP%\7zS1.tmp\mfc80.dll
- %TEMP%\7zS1.tmp\mfc80u.dll
- %TEMP%\7zS1.tmp\http_dll.dll
- %TEMP%\7zS1.tmp\eplgOutlookEmonLang.dll
- %TEMP%\7zS1.tmp\eplgOutlookLang.dll
- %TEMP%\7zS1.tmp\ekrnEpfwLang.dll
- %TEMP%\7zS1.tmp\ekrnLang.dll
- %TEMP%\7zS1.tmp\ekrnEpfw.dll
- %TEMP%\7zS1.tmp\ekrnAmon.dll
- %TEMP%\7zS1.tmp\ekrnEmon.dll
- %TEMP%\7zS1.tmp\ekrnMailPlugins.dll
- %TEMP%\7zS1.tmp\ekrnUpdate.dll
- %TEMP%\7zS1.tmp\ekrnUpdateLang.dll
- %TEMP%\7zS1.tmp\ekrnScanLang.dll
- %TEMP%\7zS1.tmp\ekrnMailPluginsLang.dll
- %TEMP%\7zS1.tmp\ekrnScan.dll
- %TEMP%\7zS1.tmp\Drivers\epfwtdir\epfwtdir.sys
- %WINDIR%\Installer\2bd99.msi
- %TEMP%\7zS1.tmp\Drivers\easdrv\easdrv.sys
- %TEMP%\7zS1.tmp\msistub.exe
- %TEMP%\7zS1.tmp\Drivers\eamon\eamon.sys
- %WINDIR%\Installer\MSI2.tmp
- %WINDIR%\Installer\MSI6.tmp
- %WINDIR%\Installer\MSI7.tmp
- %TEMP%\inx5.tmp
- %WINDIR%\Installer\MSI3.tmp
- %WINDIR%\Installer\MSI4.tmp
- %TEMP%\7zS1.tmp\ShellExtLang.dll
- %TEMP%\7zS1.tmp\updater.dll
- %TEMP%\7zS1.tmp\shellExt.dll
- %TEMP%\7zS1.tmp\msvcp80.dll
- %TEMP%\7zS1.tmp\msvcr80.dll
- %TEMP%\7zS1.tmp\callmsi.exe
- %TEMP%\7zS1.tmp\EHttpSrv.exe
- %TEMP%\7zS1.tmp\ekrn.exe
- %TEMP%\7zS1.tmp\egui.exe
- %TEMP%\7zS1.tmp\ecls.exe
- %TEMP%\7zS1.tmp\ecmd.exe
- %TEMP%\7zS1.tmp\eguiUpdateLang.dll
- %TEMP%\7zS1.tmp\APPDATADIR\Updfiles\em001_32_l2.nup
- %TEMP%\7zS1.tmp\APPDATADIR\Updfiles\em002_32_l0.nup
- %TEMP%\7zS1.tmp\APPDATADIR\Updfiles\em001_32_l1.nup
- %TEMP%\7zS1.tmp\APPDATADIR\Updfiles\em000_32_l0.nup
- %TEMP%\7zS1.tmp\APPDATADIR\Updfiles\em001_32_l0.nup
- %TEMP%\7zS1.tmp\APPDATADIR\Updfiles\em002_32_l1.nup
- %TEMP%\7zS1.tmp\APPDATADIR\Updfiles\em003_32_l2.nup
- %TEMP%\7zS1.tmp\APPDATADIR\Updfiles\em004_32_l0.nup
- %TEMP%\7zS1.tmp\APPDATADIR\Updfiles\em003_32_l1.nup
- %TEMP%\7zS1.tmp\APPDATADIR\Updfiles\em002_32_l2.nup
- %TEMP%\7zS1.tmp\APPDATADIR\Updfiles\em003_32_l0.nup
- %TEMP%\7zS1.tmp\eset.chm
- %TEMP%\7zS1.tmp\Drivers\eamon\eamon.inf
- %TEMP%\7zS1.tmp\Drivers\epfwtdir\epfwtdir.cat
- %TEMP%\7zS1.tmp\Drivers\eamon\eamon.cat
- %TEMP%\7zS1.tmp\Drivers\easdrv\easdrv.cat
- %TEMP%\7zS1.tmp\Drivers\easdrv\easdrv.inf
- %TEMP%\7zS1.tmp\Microsoft.VC80.MFCLOC.manifest
- %TEMP%\7zS1.tmp\nod32.msi
- %TEMP%\7zS1.tmp\Microsoft.VC80.MFC.manifest
- %TEMP%\7zS1.tmp\Drivers\epfwtdir\epfwtdir.inf
- %TEMP%\7zS1.tmp\Microsoft.VC80.CRT.manifest
- %TEMP%\7zS1.tmp\eguiLang.dll
- %TEMP%\7zS1.tmp\eguiMailPlugins.dll
- %TEMP%\7zS1.tmp\eguiEpfwLang.dll
- %TEMP%\7zS1.tmp\eguiEmonLang.dll
- %TEMP%\7zS1.tmp\eguiEpfw.dll
- %TEMP%\7zS1.tmp\eguiMailPluginsLang.dll
- %TEMP%\7zS1.tmp\eguiScanLang.dll
- %TEMP%\7zS1.tmp\eguiUpdate.dll
- %TEMP%\7zS1.tmp\eguiScan.dll
- %TEMP%\7zS1.tmp\eguiProduct.dll
- %TEMP%\7zS1.tmp\eguiProduct_original.dll
- %TEMP%\7zS1.tmp\APPDATADIR\Updfiles\em005_32_l1.nup
- %TEMP%\7zS1.tmp\APPDATADIR\Updfiles\em005_32_l2.nup
- %TEMP%\7zS1.tmp\APPDATADIR\Updfiles\em005_32_l0.nup
- %TEMP%\7zS1.tmp\APPDATADIR\Updfiles\em004_32_l1.nup
- %TEMP%\7zS1.tmp\APPDATADIR\Updfiles\em004_32_l2.nup
- %TEMP%\7zS1.tmp\eula.rtf
- %TEMP%\7zS1.tmp\eguiAmonLang.dll
- %TEMP%\7zS1.tmp\eguiEmon.dll
- %TEMP%\7zS1.tmp\eguiAmon.dll
- %TEMP%\7zS1.tmp\APPDATADIR\EHttpSrv.xml
- %TEMP%\7zS1.tmp\eclsLang.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\rp.log
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\ecls.exe
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eguiUpdate.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eplgOE.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eguiEpfw.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eplgHooks.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\mfc80.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\ekrnEmon.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\egui.exe
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eguiScan.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\ecmd.exe
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.sys
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eguiEmon.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.sys
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.inf
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\Microsoft.VC80.CRT.manifest
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\shellExt.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\http_dll.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.cat
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eplgOEEmon.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\callmsi.exe
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\ekrnAmon.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eplgOutlookLang.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eula.rtf
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\ekrnScanLang.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eguiAmonLang.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\ekrnMailPluginsLang.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eclsLang.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eset.chm
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eguiEpfwLang.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eguiLang.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eguiEmonLang.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\ShellExtLang.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFCLOC.manifest
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eplgOutlookEmon.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.cat
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.cat
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFC.manifest
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\ekrnUpdateLang.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eplgOutlookEmonLang.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\ekrnLang.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eguiMailPluginsLang.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eguiScanLang.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\ekrn.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\drivetable.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\drivetable.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\domain.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SAM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\ComDb.Dat
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\$WinMgmt.CFG
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING1.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING2.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING.VER
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.BTR
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SOFTWARE
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SYSTEM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SECURITY
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_.DEFAULT
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eguiAmon.dll
- %ALLUSERSPROFILE%\Application Data\ESET\ESET NOD32 Antivirus\EHttpSrv.xml
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\msvcr80.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\mfc80u.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.inf
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\updater.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\ekrnScan.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\eplgOutlook.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\RestorePointSize
- %WINDIR%\Installer\MSI9.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.DATA
- %WINDIR%\Installer\MSI8.tmp
- C:\Config.Msi\2bd9c.rbs
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\msvcp80.dll
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.sys
- %PROGRAM_FILES%\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.inf
- %WINDIR%\Installer\MSIB.tmp
- %WINDIR%\Installer\MSIC.tmp
Удаляет следующие файлы:
- %TEMP%\NUP6A.tmp
- %TEMP%\NSF69.tmp
- %TEMP%\NUP6C.tmp
- %TEMP%\NSF6B.tmp
- %TEMP%\NUP6E.tmp
- %TEMP%\NUP67.tmp
- %TEMP%\NUP64.tmp
- %TEMP%\NUP68.tmp
- %TEMP%\NSF65.tmp
- %TEMP%\NSF73.tmp
- %TEMP%\NUP72.tmp
- %TEMP%\NUP77.tmp
- %TEMP%\NUP74.tmp
- %TEMP%\NSF71.tmp
- %TEMP%\NSF6D.tmp
- %TEMP%\NUP6F.tmp
- %TEMP%\NUP76.tmp
- %TEMP%\NUP70.tmp
- %TEMP%\NSF63.tmp
- %TEMP%\NUP58.tmp
- %TEMP%\NSF55.tmp
- %TEMP%\NSF59.tmp
- %TEMP%\NUP5E.tmp
- %TEMP%\NUP57.tmp
- %TEMP%\NUP52.tmp
- %TEMP%\NSF51.tmp
- %TEMP%\NUP54.tmp
- %TEMP%\NSF53.tmp
- %TEMP%\NUP66.tmp
- %TEMP%\NUP60.tmp
- %TEMP%\NUP62.tmp
- %TEMP%\NSF61.tmp
- %TEMP%\NSF5D.tmp
- %TEMP%\NSF5B.tmp
- %TEMP%\NUP5A.tmp
- %TEMP%\NUP5F.tmp
- %TEMP%\NUP5C.tmp
- %TEMP%\NSF75.tmp
- %TEMP%\NUP96.tmp
- %TEMP%\NUP90.tmp
- %TEMP%\NUP92.tmp
- %TEMP%\NSF91.tmp
- %TEMP%\NSF8D.tmp
- %TEMP%\NSF8B.tmp
- %TEMP%\NUP8A.tmp
- %TEMP%\NUP8F.tmp
- %TEMP%\NUP8C.tmp
- %TEMP%\Cab9C.tmp
- %WINDIR%\Installer\MSI98.tmp
- %TEMP%\CabA0.tmp
- %WINDIR%\Installer\MSI99.tmp
- %WINDIR%\Installer\MSID.tmp
- %TEMP%\NUP94.tmp
- %TEMP%\NSF93.tmp
- %TEMP%\NSF95.tmp
- %TEMP%\NUP97.tmp
- %TEMP%\NSF89.tmp
- %TEMP%\NUP7F.tmp
- %TEMP%\NUP7C.tmp
- %TEMP%\NUP80.tmp
- %TEMP%\NSF7D.tmp
- %TEMP%\NSF7B.tmp
- %TEMP%\NUP7E.tmp
- %TEMP%\NUP78.tmp
- %TEMP%\NUP7A.tmp
- %TEMP%\NSF79.tmp
- %TEMP%\NSF85.tmp
- %TEMP%\NUP87.tmp
- %TEMP%\NUP8E.tmp
- %TEMP%\NUP88.tmp
- %TEMP%\NUP84.tmp
- %TEMP%\NSF81.tmp
- %TEMP%\NUP86.tmp
- %TEMP%\NSF83.tmp
- %TEMP%\NUP82.tmp
- %TEMP%\NUP56.tmp
- %TEMP%\NSF1F.tmp
- %TEMP%\NUP1E.tmp
- %TEMP%\NUP26.tmp
- %TEMP%\NUP20.tmp
- %TEMP%\NSF1D.tmp
- %TEMP%\NSF1A.tmp
- %TEMP%\NSF19.tmp
- %TEMP%\NSF1C.tmp
- %TEMP%\NSF1B.tmp
- %TEMP%\NUP28.tmp
- %TEMP%\NSF25.tmp
- %TEMP%\NSF29.tmp
- %TEMP%\NUP2E.tmp
- %TEMP%\NUP27.tmp
- %TEMP%\NUP22.tmp
- %TEMP%\NSF21.tmp
- %TEMP%\NUP24.tmp
- %TEMP%\NSF23.tmp
- %TEMP%\NSF18.tmp
- %WINDIR%\Installer\MSIB.tmp
- %WINDIR%\Installer\MSI9.tmp
- %TEMP%\NSFE.tmp
- %WINDIR%\Installer\MSIC.tmp
- %WINDIR%\Installer\MSI7.tmp
- %WINDIR%\Installer\MSI3.tmp
- %WINDIR%\Installer\MSI2.tmp
- %WINDIR%\Installer\MSI6.tmp
- %WINDIR%\Installer\MSI4.tmp
- %TEMP%\NSF15.tmp
- %TEMP%\NSF14.tmp
- %TEMP%\NSF17.tmp
- %TEMP%\NSF16.tmp
- %TEMP%\NSF13.tmp
- %TEMP%\NSF10.tmp
- %TEMP%\NSFF.tmp
- %TEMP%\NSF12.tmp
- %TEMP%\NSF11.tmp
- %TEMP%\NUP2A.tmp
- %TEMP%\NUP44.tmp
- %TEMP%\NSF43.tmp
- %TEMP%\NSF45.tmp
- %TEMP%\NUP47.tmp
- %TEMP%\NUP42.tmp
- %TEMP%\NUP40.tmp
- %TEMP%\NSF3D.tmp
- %TEMP%\NSF41.tmp
- %TEMP%\NUP46.tmp
- %TEMP%\NUP4F.tmp
- %TEMP%\NUP4C.tmp
- %TEMP%\NUP50.tmp
- %TEMP%\NSF4D.tmp
- %TEMP%\NSF4B.tmp
- %TEMP%\NUP4E.tmp
- %TEMP%\NUP48.tmp
- %TEMP%\NUP4A.tmp
- %TEMP%\NSF49.tmp
- %TEMP%\NUP3F.tmp
- %TEMP%\NSF31.tmp
- %TEMP%\NUP36.tmp
- %TEMP%\NSF33.tmp
- %TEMP%\NUP32.tmp
- %TEMP%\NUP30.tmp
- %TEMP%\NUP2C.tmp
- %TEMP%\NSF2B.tmp
- %TEMP%\NSF2D.tmp
- %TEMP%\NUP2F.tmp
- %TEMP%\NUP3A.tmp
- %TEMP%\NSF39.tmp
- %TEMP%\NUP3C.tmp
- %TEMP%\NSF3B.tmp
- %TEMP%\NUP3E.tmp
- %TEMP%\NUP37.tmp
- %TEMP%\NUP34.tmp
- %TEMP%\NUP38.tmp
- %TEMP%\NSF35.tmp
Перемещает следующие файлы:
- <DRIVERS>\SET9E.tmp в <DRIVERS>\easdrv.sys
Сетевая активность:
Подключается к:
- 'www.download.windowsupdate.com':80
- 'wp#d':80
TCP:
Запросы HTTP GET:
- www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
- www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
- wp#d/wpad.dat
UDP:
- DNS ASK www.download.windowsupdate.com
- DNS ASK wp#d
Другое:
Ищет следующие окна:
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
