Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SonyAgent' = '<Full path to the virus>'
- '<SYSTEM32>\wermgr.exe' "-outproc" "852" "4128"
- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.6.7600.256_d2caf64b7dbca2d781154d2562964c262846251_cab_0bf05c90\Report.wer
- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_80072f78_805ff6e6daf5fedbb13daf2b1d56b5cbd7ea195_cab_054061ed\client_manifest.txt
- %WINDIR%\SoftwareDistribution\DataStore\Logs\tmp.edb
- %WINDIR%\Temp\OutofProcReport1071551.txt
- <Full path to the virus>
- %WINDIR%\Temp\OutofProcReport1071551.txt
- 20#.#6.232.182/fwlink/?Li######################################################################################################
- DNS ASK www.up####.microsoft.com
- DNS ASK go.###rosoft.com
- DNS ASK download.windowsupdate.com
- DNS ASK do#####d.microsoft.com