Техническая информация
- Запись реестра для автозапуска (выполняется при входе пользователя в систему): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'WinUpdate' = '%APPDATA%\Microsoft\Windows\services.exe'
- Командная строка запуска (путь к исходному файлу передаётся аргументом): '%APPDATA%\Microsoft\Windows\services.exe' "<Полный путь к вирусу>"
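- %APPDATA%\Microsoft\Windows\services.exe (имя совпадает с системным services.exe, штатное расположение которого — %SystemRoot%\System32; файл с таким именем в %APPDATA% — признак маскировки)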
- %APPDATA%\Microsoft\Windows\services.exe
- '5.#.193.52':53109 (здесь и ниже — сетевые адреса и порты; символы «#», по-видимому, скрывают часть адреса в отчёте)
- 't1###18191.com':53100
- 't1###18190.net':53100
- '5.#.193.52':53100
- '5.#.193.52':53107
- 't1###18191.org':53100
- '5.#.193.52':53110
- 't1###18191.info':53100
- '5.#.193.52':53101
- 't1###18190.com':53100
- '5.#.193.52':53102
- 't1###18190.org':53100
- '5.#.193.52':53103
- '5.#.193.52':53108
- '5.#.193.52':53105
- 't1###18190.info':53100
- 't1###18191.net':53100
- '5.#.193.52':53106
- DNS ASK t1###18191.com
- DNS ASK t1###18190.net
- DNS ASK t1###18191.org
- DNS ASK t1###18191.info
- DNS ASK t1###18190.com
- DNS ASK t1###18190.org
- DNS ASK t1###18190.info
- DNS ASK t1###18191.net