Техническая информация
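Автозапуск — значения в ключе Run текущего пользователя (HKCU):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Intel Security Corporation' = '%APPDATA%\Microsoft\Windows\Templates\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Explorer' = '%APPDATA%\Microsoft\Windows\Templates\explorer.exe'
Оба значения указывают на файлы с именами системных процессов (svchost.exe, explorer.exe), которые лежат в профиле пользователя, а не в системном каталоге Windows; это несоответствие имени и пути само по себе является признаком для проверки.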
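Файловая активность (пути ниже повторяются — по-видимому, подзаголовки разделов в этой копии отчёта не сохранились, поэтому тип операции для каждой группы по тексту не определить):
- %APPDATA%\microsoft\windows\templates\svchost.zip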
- %APPDATA%\microsoft\windows\templates\svchost.exe
- %TEMP%\explorer.txt
- %APPDATA%\microsoft\windows\templates\explorer.zip
- %APPDATA%\microsoft\windows\templates\explorer.exe
- %APPDATA%\microsoft\windows\templates\svchost.exe
- %APPDATA%\microsoft\windows\templates\explorer.exe
- %APPDATA%\microsoft\windows\templates\svchost.zip
- %APPDATA%\microsoft\windows\templates\explorer.zip
- %TEMP%\explorer.txt
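Сетевая активность — узлы и порты (часть символов в именах доменов скрыта знаками # в самом отчёте, поэтому как готовые индикаторы эти записи использовать нельзя):
- 'ca###urk.com':80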
- 'aa######-1000.blogspot.com':443
- 'am####.capeturk.com':100
- http://ca###urk.com/explorer.txt
- 'aa######-1000.blogspot.com':443
- DNS ASK ca###urk.com
- DNS ASK aa######-1000.blogspot.com
- DNS ASK am####.capeturk.com
- '%APPDATA%\microsoft\windows\templates\svchost.exe'
- '%APPDATA%\microsoft\windows\templates\explorer.exe'