Техническая информация
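- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\20655] 'Name' = '%TEMP%\2.dll' (библиотека из временного каталога регистрируется как провайдер печати; зарегистрированные провайдеры загружает служба диспетчера печати)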
- [<HKLM>\SYSTEM\ControlSet001\Services\8395] 'imagepath' = 'globalroot<DRIVERS>\8395.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\Spooler] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '%WINDIR%\Temp\49FF.exe'
- '%WINDIR%\Temp\1061.exe'
- '<SYSTEM32>\spoolsv.exe'
- <SYSTEM32>\lsass.exe
- <SYSTEM32>\spoolsv.exe
- %WINDIR%\Temp\ldr4a2e.tmp
- C:\1504.tmp
- <DRIVERS>\8395.sys
- %WINDIR%\Temp\ldr4a3e.tmp
- %TEMP%\2.dll
- %TEMP%\1.exe
- %WINDIR%\Temp\49FF.exe
- %WINDIR%\Temp\1061.exe
- <DRIVERS>\8395.sys
- %WINDIR%\Temp\ldr4a2e.tmp
- %WINDIR%\Temp\ldr4a3e.tmp
- из %WINDIR%\Temp\1061.exe в %WINDIR%\Temp\2143E8.tmp
- из C:\1504.tmp в %WINDIR%\Temp\1453E8.tmp
- из <Полный путь к вирусу> в %TEMP%\3.tmp