Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Service' = ''
- '%ALLUSERSPROFILE%\KavUpdate_406\KavUpdate.exe'
- '<SYSTEM32>\userinit.exe'
- <SYSTEM32>\userinit.exe
- %ALLUSERSPROFILE%\KavUpdate_406\msi.dll
- %ALLUSERSPROFILE%\KavUpdate_406\KavUpdate.exe
- %TEMP%\China Security Report2014.docx
- %ALLUSERSPROFILE%\KavUpdate_406\flash.ini
- 'yt.###ologetee.com':4500
- DNS ASK yt.###ologetee.com