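Техническая информация
Примечание: подзаголовки разделов в этой выдержке не сохранились. Ниже по порядку идут: запись в ключе автозапуска Run, командные строки процессов, пути к файлам (записи вида «имя:minidump.zip» — альтернативные потоки данных NTFS), сетевой адрес с портом (часть адреса скрыта символами ##) и класс окна. Повторяющиеся пути, по-видимому, относились к разным подразделам исходного описания. Имя rasautou.exe совпадает с именем штатного компонента Windows, однако здесь файл расположен в %APPDATA%, а не в <SYSTEM32>.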
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'rasautou' = '"%APPDATA%\Microsoft\Windows\WSUS\rasautou.exe"'
- '%APPDATA%\Microsoft\Windows\WSUS\rasautou.exe'
- '%APPDATA%\Microsoft\Windows\WSUS\rasautou.exe' "<Полный путь к вирусу>"
- '<SYSTEM32>\svchost.exe' -k netsvcs
- C:\System Volume Information\EFS0.LOG
- %APPDATA%\Microsoft\SystemCertificates\My\Certificates\26E2364F3653FAA464B9B80D3942CC1CB00DAD61
- %APPDATA%\Microsoft\Windows\WSUS\EFS0.TMP:minidump.zip
- %APPDATA%\Microsoft\Windows\WSUS\EFS0.TMP
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\f5d08c35d9c3e527c0306922bad77155_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Windows\WSUS\rasautou.exe
- <Полный путь к вирусу>:minidump.zip
- %APPDATA%\Microsoft\Protect\CREDHIST
- %APPDATA%\Microsoft\Windows\WSUS\rasautou.exe:minidump.zip
- C:\System Volume Information\EFS0.LOG
- %APPDATA%\Microsoft\Windows\WSUS\EFS0.TMP
- %APPDATA%\Microsoft\Windows\WSUS\EFS0.TMP:minidump.zip
- '46.##.159.154':5000
- ClassName: 'Indicator' WindowName: ''