Техническая информация
- %WINDIR%\tasks\clockshock.job
- [<HKLM>\System\CurrentControlSet\Services\Sardonic Corps] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Sardonic Corps] 'ImagePath' = '%APPDATA%\Sardonic Corps\Sardonic Corps.exe'
- %APPDATA%\sardonic corps\sardonic corps.exe
- %ALLUSERSPROFILE%\application data\{778efbf7-171e-21cf-778e-efbf7171efdc}\<Имя файла>.exe
- %ALLUSERSPROFILE%\application data\{778efbf7-171e-21cf-778e-efbf7171efdc}\<Имя файла>.dat
- %APPDATA%\sardonic corps\juy.dat
- DNS ASK fu###et.info
- DNS ASK al####el-pro.com
- DNS ASK fu###set.work
- DNS ASK gr###model.biz
- '%APPDATA%\sardonic corps\sardonic corps.exe'