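Техническая информация
Заголовки подразделов исходного описания в этом тексте не сохранились. Ниже по порядку идут: записи реестра (автозапуск), пути к файлам, сетевые адреса с портами и классы окон. Какое действие (создание, запуск, удаление, изменение атрибутов) относится к каждому пути, из текста установить нельзя; повторяющиеся пути, по-видимому, относились к разным подразделам.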
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = ''
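- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{A2VCGFL7-818P-2NOP-7O7C-5452N8JI5OD0}] 'StubPath' = '' (идентификатор компонента содержит символы вне диапазона 0–9, A–F, то есть не является корректным GUID; значение StubPath в тексте пустое)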
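- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost.exe' = '"%TEMP%\svchost.exe"' (автозапуск файла из %TEMP%; его имя совпадает с именем системного svchost.exe, который штатно находится в <SYSTEM32>)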
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HKLM' = ''
- <SYSTEM32>\svchost.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- <SYSTEM32>\InstallDir\Server.exe
- %APPDATA%\Microsoft\Windows\-A$&2W+7C.dat
- %TEMP%\RCX1.tmp
- %APPDATA%\Microsoft\Windows\-A$&2W+7C.cfg
- %APPDATA%\Microsoft\Windows\-A$&2W+7C.dat
- <SYSTEM32>\InstallDir\Server.exe
- %APPDATA%\Microsoft\Windows\-A$&2W+7C.cfg
- Собственный файл: из <Полный путь к вирусу> в %TEMP%\svchost.exe (перемещение или копирование — заголовок подраздела не сохранился)
- 'mi####558.no-ip.biz':81
- 'localhost':1033
- DNS ASK mi####558.no-ip.biz
- '<IP-адрес в локальной сети>':1034
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''