Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'WinUpdate' = '%APPDATA%\Microsoft\Windows\services.exe'
- '%APPDATA%\Microsoft\Windows\services.exe' "<Полный путь к вирусу>"
- %APPDATA%\Microsoft\Windows\services.exe
- %APPDATA%\Microsoft\Windows\services.exe
- 'te###73205.org':53100
- '10#.#20.153.137':53102
- 'te###91500.net':53100
- '10#.#20.153.137':53109
- '10#.#20.153.137':53103
- '10#.#20.153.137':53106
- '10#.#20.153.137':53101
- 'te###91500.com':53100
- 'te###73205.com':53100
- '10#.#20.153.137':53108
- 'te###73205.info':53100
- 't1###18190.net':53100
- 't1###18190.info':53100
- '10#.#20.153.137':53105
- 't1###18190.org':53100
- 'te###91500.org':53100
- DNS ASK te###91500.net
- DNS ASK t1###18190.info
- DNS ASK te###91500.com
- DNS ASK te###73205.org
- DNS ASK te###91500.org
- DNS ASK t1###18190.net
- DNS ASK te###73205.info
- DNS ASK t1###18190.org
- DNS ASK te###73205.com