Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SonyAgent' = '<Full path to the virus>'
- '<SYSTEM32>\wermgr.exe' "-outproc" "836" "1884"
- %WINDIR%\Temp\OutofProcReport1082461.txt
- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.6.7600.256_d2caf64b7dbca2d781154d2562964c262846251_cab_0bc889f6\Report.wer
- %WINDIR%\SoftwareDistribution\DataStore\Logs\tmp.edb
- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_80072f78_805ff6e6daf5fedbb13daf2b1d56b5cbd7ea195_cab_0dfc840d\client_manifest.txt
- <Full path to the virus>
- %WINDIR%\Temp\OutofProcReport1082461.txt
- 20#.#6.232.182/fwlink/?Li######################################################################################################
- DNS ASK www.up####.microsoft.com
- DNS ASK go.###rosoft.com
- DNS ASK download.windowsupdate.com
- DNS ASK do#####d.microsoft.com