Техническая информация
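- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UserInit' = '<SYSTEM32>\userinit.exe,<SYSTEM32>\explorer\explorer.exe' (изменено значение автозапуска Winlogon: к штатному userinit.exe дописан второй путь; подлинный explorer.exe находится в каталоге Windows, а не в <SYSTEM32>\explorer\)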
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Explorer' = '<SYSTEM32>\explorer\explorer.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000' (значение 0 отключает брандмауэр Windows для стандартного профиля)
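- Судя по форме записи (заголовки разделов в тексте не сохранились), блокируется запуск:
  - Диспетчера задач (Taskmgr)
  - Редактора реестра (RegEdit)
- Вероятно, блокируется также средство контроля пользовательских учетных записей (UAC)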
- <LS_APPDATA>\Xenocode\Sandbox\antivir.com\2.0.1.2\2012.06.14T21.36\Native\STUBEXE\8.0.1135\@SYSTEM@\attrib.exe "%HOMEPATH%\Desktop\virus s.exe" +s +h
- <LS_APPDATA>\Xenocode\Sandbox\antivir.com\2.0.1.2\2012.06.14T21.36\Native\STUBEXE\8.0.1135\@SYSTEM@\attrib.exe "%HOMEPATH%\Desktop" +s +h
- <LS_APPDATA>\Xenocode\Sandbox\antivir.com\2.0.1.2\2012.06.14T21.36\Native\STUBEXE\8.0.1135\@SYSTEM@\cmd.exe /k attrib "%HOMEPATH%\Desktop" +s +h
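- <LS_APPDATA>\Xenocode\Sandbox\antivir.com\2.0.1.2\2012.06.14T21.36\Virtual\STUBEXE\8.0.1135\@DESKTOP@\virus ş.exe (в соседних командных строках то же имя записано как «virus s.exe»; вероятно, символ «ş» потерян при смене кодировки, поэтому при поиске стоит проверять оба варианта)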
- <LS_APPDATA>\Xenocode\Sandbox\antivir.com\2.0.1.2\2012.06.14T21.36\Native\STUBEXE\8.0.1135\@SYSTEM@\cmd.exe /k attrib "%HOMEPATH%\Desktop\virus s.exe" +s +h
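- Сетевое подключение: 'te####.no-ip.org':1604 (no-ip.org — домен службы динамического DNS; часть имени узла, по-видимому, скрыта символами #)
- DNS-запрос: DNS ASK te####.no-ip.org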
- ClassName: 'Indicator' WindowName: ''