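Техническая информация
(Заголовки разделов в этой копии утрачены. По порядку перечислены: изменённые ключи реестра — автозапуск через Run и запись в списке разрешённых приложений брандмауэра Windows; пути к файлам; сетевые узлы и порты; HTTP-запросы; DNS-запросы. Символ «#» в именах узлов и адресах, по-видимому, заменяет скрытые знаки.)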
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'syotom' = '<Полный путь к вирусу>'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Полный путь к вирусу>' = '<Полный путь к вирусу>:*:Enabled:Sevsl'
- '%WINDIR%\install_flashplayer11x32ax_gtbd_aih.exe'
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F
- %WINDIR%\install_flashplayer11x32ax_gtbd_aih.exe
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
- 'cs######0-crl.verisign.com':80
- 'crl.verisign.com':80
- 'wp#d':80
- http://crl.verisign.com/pca3-g5.crl
- http://cs######0-crl.verisign.com/CSC3-2010.crl
- http://11#.#11.111.1/wpad.dat via wp#d
- http://crl.verisign.com/pca3.crl
- DNS ASK cs######0-crl.verisign.com
- DNS ASK crl.verisign.com
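- DNS ASK wp#d

Примечание для анализа: файлы в CryptnetUrlCache и запросы .crl к crl.verisign.com характерны для штатной проверки отзыва сертификатов в Windows, а запрос wpad.dat к узлу wp#d (по-видимому, wpad) — для автообнаружения прокси; сами по себе это слабые индикаторы, которые встречаются и на незаражённых системах. Для обнаружения надёжнее опираться на параметр автозапуска 'syotom', запись в списке разрешённых приложений брандмауэра с меткой 'Sevsl' и файл %WINDIR%\install_flashplayer11x32ax_gtbd_aih.exe.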