Техническая информация (список приведён без заголовков разделов: записи реестра, окна, файлы, сетевые обращения)
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\30fd6705] 'Name' = '%TEMP%\espF022.tmp'
- [<HKLM>\SYSTEM\ControlSet002\Services\c021B79] 'ImagePath' = '<DRIVERS>\c021B79.sys'
- [<HKLM>\SYSTEM\ControlSet002\Services\c021B79] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\c021B79] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\c021B79] 'ImagePath' = '<DRIVERS>\c021B79.sys'
- <SYSTEM32>\spoolsv.exe
- ClassName: '____AVP.Root' WindowName: ''
- <SYSTEM32>\spoolsv.exe.new
- <SYSTEM32>\dllcache\spoolsv.exe.new
- <DRIVERS>\c021B79.sys
- %TEMP%\espF022.tmp
- %WINDIR%\Temp\sys19BE.tmp
- %TEMP%\espF022.tmp
- <SYSTEM32>\spoolsv.exe
- %WINDIR%\Temp\sys19BE.tmp
- из <Полный путь к вирусу> в %TEMP%\tmpF209.tmp
- из <SYSTEM32>\spoolsv.exe в %WINDIR%\Temp\tmp3DC4.tmp
- 'ee#########af1e7bd79212acc9dde16.net':80
- http://ee#########af1e7bd79212acc9dde16.net/track_c.cgi
- DNS ASK ee#########af1e7bd79212acc9dde16.net