Техническая информация
- %TEMP%\109984.exe
- %TEMP%\109984.exe (загружен из сети Интернет)
- <SYSTEM32>\cmd.exe /c ""%TEMP%\oid.bat" "<Полный путь к вирусу>" "
- [<HKCU>\Software\BulletProof Software\BulletProof FTP Client\Options]
- [<HKCU>\Software\BPFTP]
- [<HKCU>\Software\BPFTP\Bullet Proof FTP\Options]
- [<HKCU>\Software\BPFTP\Bullet Proof FTP\Main]
- [<HKCU>\Software\BulletProof Software\BulletProof FTP Client\Main]
- [<HKCU>\Software\Sota\FFFTP\Options]
- [<HKCU>\Software\South River Technologies\WebDrive\Connections]
- [<HKLM>\Software\South River Technologies\WebDrive\Connections]
- [<HKCU>\Software\FTP Explorer\Profiles]
- [<HKCU>\Software\CoffeeCup Software\Internet\Profiles]
- [<HKCU>\Software\FTPWare\COREFTP\Sites]
- [<HKLM>\Software\FlashFXP]
- [<HKCU>\Software\Far2\SavedDialogHistory\FTPHost]
- [<HKCU>\Software\Ghisler\Windows Commander]
- [<HKCU>\Software\Far\SavedDialogHistory\FTPHost]
- [<HKCU>\Software\Far\Plugins\FTP\Hosts]
- [<HKCU>\Software\Far2\Plugins\FTP\Hosts]
- [<HKLM>\Software\Ghisler\Windows Commander]
- [<HKCU>\Software\FlashFXP]
- [<HKLM>\Software\FlashFXP\3]
- [<HKCU>\Software\FlashFXP\3]
- [<HKCU>\Software\Ghisler\Total Commander]
- [<HKLM>\Software\Ghisler\Total Commander]
- %TEMP%\oid.bat
- %TEMP%\109984.exe
- 'ne##get.com':80
- 'vi##get.com':80
- ne##get.com/200/ns.php
- vi##get.com/hp/dir.php
- DNS ASK ne##get.com
- DNS ASK vi##get.com