Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{CT5R13P6-CQ0F-RA1X-BKHX-T56IRHQJ4VT8}] 'StubPath' = '"%APPDATA%\Services.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Services' = '%APPDATA%\Services.exe'
- %APPDATA%\Services.exe \melt "<Полный путь к вирусу>"
- <SYSTEM32>\winlogon.exe "%APPDATA%\Services.exe"
- %APPDATA%\log.dat
- %APPDATA%\Services.exe
- 'r0######.dyndns-home.com':36321
- 'any':0
- DNS ASK r0######.dyndns-home.com
- ClassName: 'Indicator' WindowName: ''