Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MSUPD32' = '<LS_APPDATA>\wuaclt.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MSUPD32' = '<Полный путь к вирусу>'
- '<LS_APPDATA>\wuaclt.exe'
- <LS_APPDATA>\wuaclt.exe
- <LS_APPDATA>\wuaclt.exe
- <LS_APPDATA>\wuaclt.exe
- 'tw####rs.toh.info':1863
- 'ap#####ore.dnset.com':53
- 'tw####rs.toh.info':12350
- 'tw####rs.toh.info':443
- 'ap#####ore.dnset.com':443
- '16#.#7.152.126':443
- '16#.#7.152.126':8080
- 'ap#####ore.dnset.com':80
- '16#.#7.152.126':1863
- ap#####ore.dnset.com/0000/a344718.asp
- ap#####ore.dnset.com/0000/a256031.asp
- ap#####ore.dnset.com/0000/a167296.asp
- DNS ASK tw####rs.toh.info
- DNS ASK ap#####ore.dnset.com
- ClassName: 'Indicator' WindowName: ''