Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\COMSysApp] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SENS] 'Start' = '00000002'
- <SYSTEM32>\net1.exe start Themes
- <SYSTEM32>\ctfmon.exe
- <SYSTEM32>\cscript.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\winlogon.exe
- <Full path to the virus>
- %ALLUSERSPROFILE%\Application Data\polriv23mid.dat
- %ALLUSERSPROFILE%\Application Data\dim32virlop.dat
- %ALLUSERSPROFILE%\Application Data\polriv23mid.dat
- %ALLUSERSPROFILE%\Application Data\dim32virlop.dat
- <Full path to the virus>