Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '360k' = '"%ALLUSERSPROFILE%\Application Data\sso\svchost.exe"'
- '%ALLUSERSPROFILE%\Application Data\sso\ssonsvr.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %ALLUSERSPROFILE%\Application Data\sso\config.ini
- %ALLUSERSPROFILE%\Application Data\sso\pnipcn.dll
- %ALLUSERSPROFILE%\Application Data\sso\ssonsvr.exe
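- из %ALLUSERSPROFILE%\Application Data\sso\ssonsvr.exe в %ALLUSERSPROFILE%\Application Data\sso\svchost.exe (итоговый svchost.exe находится вне <SYSTEM32>; этот же путь указан в значении '360k' ключа Run)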
- 'up.###lklite.com':443
- 'www.tr#####cro-update.org':443
- DNS ASK up.###lklite.com
- DNS ASK www.tr#####cro-update.org
- ClassName: 'Indicator' WindowName: ''