Техническая информация
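Закрепление в системе (автозапуск):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Ball' = '%CommonProgramFiles%\Sogou.exe' — параметр в ключе Run: указанный файл запускается при входе пользователя в систему
- [<HKLM>\SYSTEM\ControlSet001\services\DefenderDaemon] 'Start' = '00000002' — служба DefenderDaemon с типом запуска 2 (автоматический запуск при загрузке системы)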
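- '<SYSTEM32>\Sougou.exe'
- '%CommonProgramFiles%\Sogou.exe' (имя отличается от предыдущего: Sougou.exe и Sogou.exe; обе пары «путь — имя» повторяются в списке ниже, поэтому это, по-видимому, два разных файла, а не опечатка)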
- '<SYSTEM32>\wermgr.exe' -queuereporting
- '<SYSTEM32>\taskhost.exe' $(Arg0)
- C:\ProgramData\Microsoft\RAC\Temp\sql8516.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlC64A.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlC66B.tmp
- %CommonProgramFiles%\Sogou.exe
- <SYSTEM32>\Sougou.exe
- C:\ProgramData\Microsoft\RAC\Temp\sql8536.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql8516.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql8536.tmp
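Сетевая активность (символы '#' в именах узлов, по-видимому, заменяют намеренно скрытые знаки):
- 'al#####ecoke.gicp.net':9919 — соединение с узлом на порту 9919
- DNS ASK dn#.##ftncsi.com
- DNS ASK al#####ecoke.gicp.net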