Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{09281706-8E87-C1A2-E239-9FA68474FBB2}] 'stubpath' = ''
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{09281706-8E87-C1A2-E239-9FA68474FBB2}] 'StubPath' = '%PROGRAM_FILES%\Windows NT\hyper.exe s'
- <SYSTEM32>\smss.exe
- %WINDIR%\Explorer.EXE
- %PROGRAM_FILES%\Windows NT\hyper.exe
- %PROGRAM_FILES%\Windows NT\hyper.exe
- <Полный путь к вирусу>
- 'ba####020.gicp.net':81
- DNS ASK ba####020.gicp.net