Техническая информация
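- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\673b491b] 'Name' = '%TEMP%\esp4CBE.tmp' (параметр 'Name' в ключе Print\Providers задаёт библиотеку провайдера печати, которую загружает диспетчер печати spoolsv.exe; здесь он указывает на файл во временном каталоге)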
- [<HKLM>\SYSTEM\ControlSet002\Services\454nM0J] 'ImagePath' = '<DRIVERS>\454nM0J.sys'
- [<HKLM>\SYSTEM\ControlSet002\Services\454nM0J] 'Start' = '00000001' (Start = 1 соответствует SERVICE_SYSTEM_START: драйвер загружается при инициализации системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\454nM0J] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\454nM0J] 'ImagePath' = '<DRIVERS>\454nM0J.sys'
- <SYSTEM32>\spoolsv.exe
- ClassName: '____AVP.Root' WindowName: ''
- <SYSTEM32>\spoolsv.exe.new
- <SYSTEM32>\dllcache\spoolsv.exe.new
- <DRIVERS>\454nM0J.sys
- %TEMP%\esp4CBE.tmp
- %WINDIR%\Temp\sys5A86.tmp
- %TEMP%\esp4CBE.tmp
- <SYSTEM32>\spoolsv.exe
- %WINDIR%\Temp\sys5A86.tmp
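- <Полный путь к вирусу> в %TEMP%\tmp5830.tmp (запись, по-видимому, читается как «исходный путь в путь назначения»; заголовок раздела в тексте не сохранился)
- <SYSTEM32>\spoolsv.exe в %WINDIR%\Temp\tmp5548.tmp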
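- DNS ASK 75#########f1efeaf8e20efc8671f5c.net (символы «#» здесь и в записях ниже, по-видимому, маскируют часть имени в источнике; полные имена доменов на странице не приведены, поэтому для блокировки или поиска по журналам DNS эти строки годятся только как шаблон)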
- DNS ASK 24#########a169f6eff42dff26155d3.net
- DNS ASK fd#########c4e8b3d4ad842424672f2.net
- DNS ASK 7e#########8f94dc8967a6f9bf465b9.net
- DNS ASK ff#########5ba96ca75fdae9c44cf5d.net
- DNS ASK ee#########af1e7bd79212acc9dde16.net
- DNS ASK 78#########367beb24b3270232e67e5.net
- DNS ASK 35#########bd6c908c386b532a3dc2f.net