Техническая информация
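- Автозапуск через реестр: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'WindowsUpdate' = '%APPDATA%\Microsoft\Windows\svchost.exe' (имя параметра и имя файла имитируют системные компоненты; легитимный svchost.exe находится в %SystemRoot%\System32, а не в %APPDATA%)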
- '%APPDATA%\Microsoft\Windows\svchost.exe' "<Полный путь к вирусу>"
- %APPDATA%\Microsoft\Windows\svchost.exe
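Сетевые адреса ниже приведены в виде 'хост':порт. Символы # в доменных именах и IP-адресе, по-видимому, скрывают часть значения, поэтому для блокировки или поиска в журналах эти записи в таком виде неполны. Все порты лежат в диапазоне 35100–35109:
- 'to###19200.info':35100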
- '20#.#2.236.130':35100
- '20#.#2.236.130':35109
- '20#.#2.236.130':35103
- '20#.#2.236.130':35108
- '20#.#2.236.130':35105
- '20#.#2.236.130':35101
- 'un###nk599.info':35105
- 'in###77350.net':35103
- '20#.#2.236.130':35107
- '20#.#2.236.130':35102
- '20#.#2.236.130':35106
- '20#.#2.236.130':35104
- 'dr###57289.com':35101
- 'bl###75331.org':35104
- 'mt###7711.org':35102
- DNS ASK dr###57289.com (DNS-запрос; в строках DNS ASK запрашиваются те же шесть доменов, что и в списке подключений выше)
- DNS ASK to###19200.info
- DNS ASK un###nk599.info
- DNS ASK in###77350.net
- DNS ASK bl###75331.org
- DNS ASK mt###7711.org
- ClassName: 'Shell_TrayWnd' WindowName: '(null)' (Shell_TrayWnd — класс окна панели задач Windows; имя окна не задано)