Техническая информация
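- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\caff0b2b] 'Name' = '%TEMP%\esp9C78.tmp' (параметр 'Name' в разделе Print\Providers задаёт библиотеку провайдера печати, которую загружает служба диспетчера печати; путь, ведущий в %TEMP%, а не в системный каталог, — признак для проверки)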
- [<HKLM>\SYSTEM\ControlSet002\Services\L63s031] 'ImagePath' = '<DRIVERS>\L63s031.sys'
- [<HKLM>\SYSTEM\ControlSet002\Services\L63s031] 'Start' = '00000001' (тип запуска 1 — драйвер загружается при инициализации системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\L63s031] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\L63s031] 'ImagePath' = '<DRIVERS>\L63s031.sys'
- <SYSTEM32>\spoolsv.exe
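- ClassName: '____AVP.Root' WindowName: '' (окно задано только именем класса, заголовок пуст; судя по префиксу AVP, класс, вероятно, относится к антивирусному продукту — требует подтверждения)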
- <SYSTEM32>\spoolsv.exe.new
- <SYSTEM32>\dllcache\spoolsv.exe.new
- <DRIVERS>\L63s031.sys
- %TEMP%\esp9C78.tmp
- %WINDIR%\Temp\sys321A.tmp
- %TEMP%\esp9C78.tmp
- <SYSTEM32>\spoolsv.exe
- %WINDIR%\Temp\sys321A.tmp
- из <Полный путь к вирусу> в %TEMP%\tmpE476.tmp
- из <SYSTEM32>\spoolsv.exe в %WINDIR%\Temp\tmp6A73.tmp
- '43#########089b4c27b95fec802d8b4.net':80
- http://43#########089b4c27b95fec802d8b4.net/track_c.cgi
- DNS ASK 43#########089b4c27b95fec802d8b4.net