Technical information
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\SAXKkrId] 'Name' = '%TEMP%\MltJiqGce.tmp'
- [<HKLM>\SYSTEM\ControlSet001\Services\5f6ac860] 'imagepath' = '%WINDIR%\TEMP\sKhozVD.tmp'
- [<HKLM>\SYSTEM\ControlSet001\Services\5f6ac860] 'start' = '00000001'
- <SYSTEM32>\spoolsv.exe
- %WINDIR%\Temp\sKhozVD.tmp
- %TEMP%\MltJiqGce.tmp
- %WINDIR%\Temp\sKhozVD.tmp
- from <Full path to virus> to %TEMP%\KkuOpBZ.tmp
- 'se###guia.com':80
- se###guia.com/kx.php
- DNS ASK se###guia.com