Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'DpiScaling' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\DpiScaling] 'Start' = '00000002'
- '%PROGRAM_FILES%\Microsoft\Display Control Panel\DpiScaling.exe' /t "%TEMP%\1.tmp"
- '%PROGRAM_FILES%\Microsoft\Display Control Panel\DpiScaling.exe'
- '%TEMP%\1.tmp' /help?<Full path to virus>
- '<SYSTEM32>\control.exe' "%WINDIR%\TEMP\Control Panel\desktop.cpl"
- '<SYSTEM32>\rundll32.exe' Shell32.dll,Control_RunDLL "%WINDIR%\TEMP\Control Panel\desktop.cpl"
- '<SYSTEM32>\control.exe' "%TEMP%\Control Panel\desktop.cpl"
- '<SYSTEM32>\rundll32.exe' Shell32.dll,Control_RunDLL "%TEMP%\Control Panel\desktop.cpl"
- %TEMP%\Control Panel\desktop.cpl
- %WINDIR%\Temp\Control Panel\desktop.cpl
- %PROGRAM_FILES%\Microsoft\Dynamic COM+\comuid.dll
- %TEMP%\1.tmp
- %PROGRAM_FILES%\Microsoft\Display Control Panel\DpiScaling.exe
- %TEMP%\1.tmp
- from <Full path to virus> to <Current directory>\<Virus name>.docx
- 'st###.lapmapzi.com':28395
- 'st####.ranova.net':28395
- 'cd#.#ueraid.org':28395
- DNS ASK st###.lapmapzi.com
- DNS ASK im###.#esingfox.info
- DNS ASK cd#.#ueraid.org
- DNS ASK st####.ranova.net