Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Capto' = 'C:\cpa\cpato.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Capto' = '<Full path to the virus>'
- C:\cpa\cpato.exe
- %WINDIR%\Explorer.EXE
- C:\cpa\cpato.exe
- C:\cpa\down1.rar
- C:\cpa\down2.rar
- C:\cpa\time.rar
- C:\cpa\ming.rar
- C:\cpa\antan.rar
- 'ke##n86.com':80
- ke##n86.com//?id###
- ke##n86.com/ces/xxjfldsjflj12.rar
- ke##n86.com/aajfldsjfljwelrj.rar
- ke##n86.com//time.rar
- ke##n86.com/ttjfldsjfljwelrj.rar
- DNS ASK ke##n86.com
- ClassName: 'Progman' WindowName: 'Program Manager'