Техническая информация
Ключи реестра, обеспечивающие автозапуск:
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Policies' = '<SYSTEM32>\install\isponsor.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Policies' = '<SYSTEM32>\install\isponsor.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{SS078HYK-PP0Y-ST8D-VLS1-A5TCC6LUPO30}] 'StubPath' = '<SYSTEM32>\install\isponsor.exe Restart'
Файлы в каталоге автозагрузки пользователя (Startup):
- %APPDATA%\microsoft\windows\start menu\programs\startup\<Имя файла>.exe
- %APPDATA%\microsoft\windows\start menu\programs\startup\isponsor.exe
- isponsor.exe
- %WINDIR%\syswow64\install\isponsor.exe
- %TEMP%\xx--xx--xx.txt
- %APPDATA%\logs.dat
- %TEMP%\xxx.xxx
- %TEMP%\uuu.uuu
- %WINDIR%\syswow64\install\isponsor.exe
- %APPDATA%\logs.dat
- %TEMP%\xx--xx--xx.txt
- %TEMP%\uuu.uuu
- %TEMP%\xxx.xxx
- %TEMP%\uuu.uuu
- %TEMP%\xxx.xxx
- DNS ASK ka####1.no-ip.biz
- '%WINDIR%\syswow64\install\isponsor.exe'