Техническая информация
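Процессы (командные строки); wermgr.exe и taskhost.exe — штатные компоненты Windows, поэтому значимы здесь не сами имена файлов, а их аргументы и контекст запуска:
- '<SYSTEM32>\wermgr.exe' -queuereporting
- '<SYSTEM32>\taskhost.exe' $(Arg0)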
Файлы и пути в файловой системе:
- %TEMP%\pkg_c3837770\detectionrules.dat
- <LS_APPDATA>Low\cookieman.exe
- C:\ProgramData\Microsoft\RAC\Temp\sql473D.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql3A70.tmp
- %TEMP%\pkg_c3837770\<Имя вируса>.log
- %TEMP%\pkg_c3837770\wrapper.xml
- %TEMP%\pkg_c3837770\stub.log
- %TEMP%\pkg_c3837770\timings.txt
- %TEMP%\pkg_c3837770\autorun.txt
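Сетевые индикаторы (узел:порт, URL запроса, DNS-запрос); символы # — маскировка, присутствующая в самом источнике, полные значения здесь не приведены:
- 'dl.###talliq.com':80
- 'localhost':52979
- dl.###talliq.com/api/detectionrequest.aspx?ke##############################################
- DNS ASK dl.###talliq.com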
Параметры окна (класс и заголовок):
- ClassName: 'OleMainThreadWndClass' WindowName: ''