Техническая информация
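- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = 'cert2app.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
  (При LoadAppInit_DLLs = 1 библиотека, указанная в AppInit_DLLs, загружается в каждый процесс, подключающий user32.dll; так обеспечивается автозапуск cert2app.dll. Изменение этих двух параметров стоит отслеживать как признак заражения.)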
- [<HKLM>\SYSTEM\ControlSet001\Services\Spooler] 'Start' = '00000002' (значение 2 задаёт автоматический запуск службы Spooler при старте системы)
- <DRIVERS>\atmarpc.sys
- '<SYSTEM32>\cert2exe.exe' *<Полный путь к вирусу>
- '<SYSTEM32>\net1.exe' start spooler
- '<SYSTEM32>\spoolsv.exe'
- '<SYSTEM32>\net.exe' stop spooler
- '<SYSTEM32>\net1.exe' stop spooler
- %ALLUSERSPROFILE%\Application Data\Microsoft\Mse\nt.dat
- <DRIVERS>\osapi.log
- C:\error.log
- %ALLUSERSPROFILE%\Application Data\Microsoft\Mse\os.dat
- <SYSTEM32>\cert2app.dll
- <SYSTEM32>\cert2exe.exe
- <SYSTEM32>\cert2dll.dll
- <SYSTEM32>\cert2prt.dll
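- 'ic####.vulncode.org':443
- 'ic#.##lncode.org':443
- DNS ASK ic####.vulncode.org
- DNS ASK ic#.##lncode.org
  (Символы «#» в именах узлов, по-видимому, скрывают часть знаков, поэтому эти записи следует сопоставлять как маски, а не как точные индикаторы; «DNS ASK» здесь обозначает DNS-запрос указанного имени, а :443 — порт подключения.)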