Technical information
- '<SYSTEM32>\rundll32.exe' "%ALLUSERSPROFILE%\update.dll" TestFuction
- '<SYSTEM32>\cscript.exe' "%ALLUSERSPROFILE%\rundll.vbs"
- '<SYSTEM32>\cscript.exe' "%ALLUSERSPROFILE%\update.vbs"
- [\REGISTRY\USER\S-1-5-20\Software\Microsoft\MessengerService]
- [\REGISTRY\USER\S-1-5-19\Software\Microsoft\MessengerService]
- [<HKCU>\Software\Microsoft\MessengerService]
- %ALLUSERSPROFILE%\rundll.vbs
- <SYSTEM32>\pwd.txt
- %ALLUSERSPROFILE%\wuauserv.dll
- %ALLUSERSPROFILE%\update.vbs
- %ALLUSERSPROFILE%\update.dll
- from <Full path to virus> to %TEMP%\update.exe
- 'va######rmultifamily.com':80
- 'localhost':1037
- '12#.#25.114.144':80
- va######rmultifamily.com/wp-admin/network/site-editor.php
- 12#.#25.114.144/
- DNS ASK va######rmultifamily.com
- DNS ASK www.ba##u.com