Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'rasautou' = '"%APPDATA%\Microsoft\Windows\WSUS\rasautou.exe"'
- %APPDATA%\Microsoft\Windows\WSUS\rasautou.exe "<Full path to the virus>"
- <SYSTEM32>\svchost.exe -k netsvcs
- %APPDATA%\Microsoft\SystemCertificates\My\Certificates\0ED0B11F6CE861C20D99C818ED556583FD58AC32
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\031bf296ed1d94ae531596b05adacff5_23ef5514-3059-436f-a4a7-4cefaab20eb1
- C:\System Volume Information\EFS0.LOG
- %APPDATA%\Microsoft\Windows\WSUS\EFS0.TMP:minidump.zip
- %APPDATA%\Microsoft\Windows\WSUS\EFS0.TMP
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %APPDATA%\Microsoft\Windows\WSUS\rasautou.exe
- <Full path to the virus>:minidump.zip
- %APPDATA%\Microsoft\Windows\WSUS\rasautou.exe:minidump.zip
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\49bf1f84-b627-419c-ad07-c13fac7dd71d
- C:\System Volume Information\EFS0.LOG
- %APPDATA%\Microsoft\Windows\WSUS\EFS0.TMP
- %APPDATA%\Microsoft\Windows\WSUS\EFS0.TMP:minidump.zip
- '95.#41.46.4':5000
- ClassName: 'Indicator' WindowName: ''