Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Internet Security' = '<Полный путь к вирусу>' (запись автозапуска: программа стартует при каждом входе этого пользователя в систему)
- '<SYSTEM32>\Wat\WatAdminSvc.exe' /run
- <Служебный элемент>
- <SYSTEM32>\cscript.exe
- <SYSTEM32>\cmd.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\405[1].php
- 'me#####wnloadgroup.com':80
- '20#.#6.232.182':80
- 'ct###.#indowsupdate.com':80
- me#####wnloadgroup.com/405.php?id#####
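- 20#.#6.232.182/pki/crl/products/microsoftrootcert.crl
- ct###.#indowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?19##############
  (Примечание: судя по путям, эти два запроса, как и DNS-запрос crl.microsoft.com ниже, — это, по-видимому, штатная проверка сертификатов Windows: загрузка списка отзыва (CRL) и списка недоверенных сертификатов. Сами по себе они, вероятно, не являются признаком заражения; для обнаружения полезнее запрос к 405.php и запись в ключе Run.)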
- DNS ASK me#####wnloadgroup.com
- DNS ASK crl.microsoft.com
- DNS ASK ct###.#indowsupdate.com
- ClassName: 'OleMainThreadWndClass' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''