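Техническая информация
Примечание: заголовки подразделов в этом фрагменте не сохранились. Судя по содержимому, сначала идут запускаемые процессы (строки в кавычках), затем пути к файлам, в конце — сетевая активность; повторяющиеся пути, вероятно, относятся к разным операциям над одним и тем же файлом. Символы «#» в адресах и доменных именах, по всей видимости, являются маскировкой со стороны источника, а не частью значения.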
- '<SYSTEM32>\41F60C\315CB6.EXE'
- '<SYSTEM32>\conhost.exe'
- '%WINDIR%\explorer.exe' /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
- '%WINDIR%\explorer.exe' <Текущая директория>\<Имя вируса>
- <SYSTEM32>\D5C608\internet.fne
- <SYSTEM32>\D5C608\krnln.fnr
- <SYSTEM32>\D5C608\eAPI.fne
- <SYSTEM32>\D5C608\HtmlView.fne
- %WINDIR%\Temp\MPTelemetrySubmit\watson_manifest.txt
- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_80070422_76a4385aa7fdcd3dc476f7ea51e8ea5565f02fd_0ba91d9e\Report.wer
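- %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7C5D86.lnk
  Примечание: ярлык находится в папке автозагрузки пользователя, то есть, вероятно, служит для закрепления в системе (запуск при входе пользователя). Имя ярлыка похоже на случайное, поэтому для обнаружения надёжнее контролировать появление новых .lnk в этой папке, чем искать конкретное имя.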
- %WINDIR%\Temp\MPTelemetrySubmit\client_manifest.txt
- %TEMP%\E_N4\internet.fne
- %TEMP%\E_N4\eAPI.fne
- %TEMP%\E_N4\krnln.fnr
- %TEMP%\E_N4\HtmlView.fne
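- <SYSTEM32>\D5C608\dp1.fne
- %TEMP%\E_N4\dp1.fne
  Примечание: файлы krnln.fnr и *.fne, по-видимому, являются библиотеками среды выполнения Easy Programming Language; они сопровождают любые программы на этом языке и сами по себе — слабый индикатор. Значимее их расположение в подкаталоге <SYSTEM32> с именем, похожим на случайное.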
- <SYSTEM32>\41F60C\315CB6.EXE
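- %WINDIR%\Temp\MPTelemetrySubmit\client_manifest.txt
- %WINDIR%\Temp\MPTelemetrySubmit\watson_manifest.txt
  Примечание: файлы в %WINDIR%\Temp\MPTelemetrySubmit и отчёт Report.wer в очереди WER, по-видимому, создаются штатными компонентами Windows (телеметрия защитного ПО и служба отчётов об ошибках), а не самим образцом; использовать их как индикаторы компрометации не следует.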
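- '20#.#6.232.182':80
- DNS ASK wa####.microsoft.com
- '22#.0.0.252':5355
  Примечание: порт 5355 и немаскированная часть последнего адреса соответствуют многоадресной рассылке LLMNR (224.0.0.252), то есть обычному разрешению имён в Windows; запрос к домену в зоне microsoft.com также похож на фоновую активность системы. Внешний адрес на порту 80 замаскирован, поэтому по этой странице его нельзя использовать для блокировки или поиска в журналах — нужно полное значение из исходного отчёта.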