Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\mwscard\Parameters] 'ServiceDll' = '<SYSTEM32>\mwscard.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\mwscard] 'ImagePath' = '<SYSTEM32>\svchost.exe -k mwscard'
- [<HKLM>\SYSTEM\ControlSet001\Services\mwscard] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '<SYSTEM32>\attrib.exe' -a -r -s -h "<Полный путь к вирусу>" (снимает с файла атрибуты «архивный», «только чтение», «системный» и «скрытый»)
- '<SYSTEM32>\cmd.exe' /c %TEMP%\ebvi307.bat
- '<SYSTEM32>\svchost.exe' -k mwscard
- %TEMP%\ebvi307.bat
- <SYSTEM32>\RCX1.tmp
- <SYSTEM32>\mwscard.dll
- <SYSTEM32>\mwscard.dll
- <SYSTEM32>\mwscard.dll
- '10.#.110.8':3128 (адрес из частного диапазона 10.0.0.0/8; второй октет заменён символом «#»)
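- 'ss#.###ton-research.com':443 (часть символов имени узла заменена символом «#», поэтому точное сопоставление по этой записи невозможно)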
- DNS ASK ss#.###ton-research.com