Техническая информация
- Автозапуск через ключ реестра Run: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '_ID400300' = '"%ALLUSERSPROFILE%\windows_defender.exe"' (имя файла, по-видимому, имитирует Windows Defender)
- '%APPDATA%\taskhos.exe'
- <LS_APPDATA>\rhtseg4eg\taskhos.exe_Url_034u5oelbzt0gwxqpca12gaj35vbggxe\1.0.0.0\tkz8otnr.newcfg
- %APPDATA%\taskhos.exe
- %APPDATA%\GRDGDGRD.dll
- <Полный путь к вирусу>
- из <LS_APPDATA>\rhtseg4eg\taskhos.exe_Url_034u5oelbzt0gwxqpca12gaj35vbggxe\1.0.0.0\tkz8otnr.newcfg в <LS_APPDATA>\rhtseg4eg\taskhos.exe_Url_034u5oelbzt0gwxqpca12gaj35vbggxe\1.0.0.0\user.config
- 'ta#####.blogspot.com.br':443
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK ta#####.blogspot.com.br
- DNS ASK wp#d