Technical information
- '<SYSTEM32>\dumprep.exe' 2928 -dm 7 7 %TEMP%\WER9433.dir00\svchost.exe.hdmp 16325836412027140
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\sysdm.cpl,NoExecuteProcessException <SYSTEM32>\svchost.exe
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\dumprep.exe' 2928 -dm 7 7 %TEMP%\WER9433.dir00\svchost.exe.mdmp 16325836412027120
- %TEMP%\WER9433.dir00\appcompat.txt
- %TEMP%\WER9433.dir00\manifest.txt
- %TEMP%\WER9433.dir00\svchost.exe.mdmp
- %TEMP%\WER9433.dir00\svchost.exe.hdmp
- from <Full path to virus> to %APPDATA%\gllurzw.exe
- '20#.#6.232.182':80
- 20#.#6.232.182/windowsupdate/v6/thanks.aspx?ln###################
- DNS ASK de###xaw.com
- DNS ASK up####.microsoft.com
- ClassName: 'Shell_TrayWnd' WindowName: ''