Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\DETrueTime] 'Start' = '00000002'
- %WINDIR%\Explorer.EXE
- %TEMP%\KB980
- <LS_APPDATA>\chkzero.txt
- %ALLUSERSPROFILE%\Application Data\svchost.txt
- %TEMP%\`.sys
- %TEMP%\temp.txt
- %TEMP%\Metxt
- %ALLUSERSPROFILE%\Application Data\SVCH0ST.dll
- %ALLUSERSPROFILE%\Application Data\SVCH0ST.dll
- %ALLUSERSPROFILE%\Application Data\KB7927447.exe
- <Full path to virus>
- %TEMP%\Metxt
- %TEMP%\KB980
- 'w3####.localdomain':3
- 'w4####.localdomain':4
- 'yf###.vicp.net':8080
- 'w2####.localdomain':2
- DNS ASK w3####.localdomain
- DNS ASK w4####.localdomain
- DNS ASK yf###.vicp.net
- DNS ASK w2####.localdomain