Техническая информация
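- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'sidebar' = '%APPDATA%\Roaming\Sample.lnk' (закрепление в системе: значение автозапуска в ключе RunOnce указывает на ярлык Sample.lnk, перечисленный ниже среди файлов. Запись пути «%APPDATA%\Roaming» приведена в обозначениях источника; стандартная переменная %APPDATA% обычно уже указывает на каталог Roaming, поэтому при составлении правил обнаружения фактический путь следует уточнить.)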
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %WINDIR%\ServiceProfiles\NetworkService\AppData\Local\Temp\CabA7D6.tmp
- %APPDATA%\Roaming\Sample.lnk
- %APPDATA%\Roaming\DataWork\<Имя вируса>.exe
- %WINDIR%\ServiceProfiles\NetworkService\AppData\Local\Temp\CabA6E8.tmp
- %WINDIR%\ServiceProfiles\NetworkService\AppData\Local\Temp\CabA70A.tmp
- %TEMP%\CabA7B3.tmp
- %TEMP%\CabA7B3.tmp
- %WINDIR%\ServiceProfiles\NetworkService\AppData\Local\Temp\CabA7D6.tmp
- %WINDIR%\ServiceProfiles\NetworkService\AppData\Local\Temp\CabA6E8.tmp
- %WINDIR%\ServiceProfiles\NetworkService\AppData\Local\Temp\CabA70A.tmp
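- 'xe####r2.zapto.org':3360 (домен в зоне zapto.org — сервис динамического DNS, порт нестандартный; из перечисленных сетевых адресов только этот не похож на служебный адрес Windows)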
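- 'ct###.#indowsupdate.com':80
- ct###.#indowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?ea##############
- ct###.#indowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?03##############
  (Примечание: судя по именам файлов authrootstl.cab и disallowedcertstl.cab, эти запросы похожи на штатное обновление списков доверенных и недоверенных сертификатов Windows, а не на обращение к инфраструктуре вредоносной программы. Временные файлы Cab*.tmp из списка выше, вероятно, являются побочным результатом той же загрузки. Без дополнительной проверки использовать эти адреса и файлы как индикаторы компрометации не следует — возможны ложные срабатывания.)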
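- DNS ASK dn#.##ftncsi.com (по маске похоже на служебный домен проверки сетевого подключения Windows; вероятно, фоновый запрос ОС — требует проверки перед использованием в качестве индикатора)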
- DNS ASK xe####r2.zapto.org
- DNS ASK ct###.#indowsupdate.com