Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SonyAgent' = '<Полный путь к вирусу>'
- %WINDIR%\SoftwareDistribution\DataStore\Logs\tmp.edb
- <Полный путь к вирусу>
- 'download.windowsupdate.com':80
- '20#.#6.232.182':80
- 'localhost':49202
- '94.##3.80.211':80
- '2.##2.41.95':80
- 'localhost':49191
- 'localhost':49194
- 'localhost':49206
- 'localhost':49217
- 'localhost':49220
- '68.##.85.110':80
- '93.#9.10.35':80
- '89.##4.116.17':80
- 'localhost':49209
- 'localhost':49212
- 'localhost':49188
- '14#.#05.132.5':80
- 'localhost':49167
- 'localhost':49170
- 'localhost':49164
- 'localhost':49158
- '12#.#16.244.6':80
- 'localhost':49161
- '78.##.224.13':80
- 'localhost':49182
- '17#.#58.67.55':80
- 'localhost':49185
- 'localhost':49179
- 'localhost':49173
- 'localhost':49176
- '89.##1.110.59':80
- DNS ASK www.up####.microsoft.com
- DNS ASK do#####d.microsoft.com
- DNS ASK download.windowsupdate.com