Техническая информация
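- Автозапуск через реестр: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WindowsHost' = '%APPDATA%\WinHost\svchost.exe' (файл назван так же, как системный svchost.exe, но расположен в %APPDATA%, а не в системном каталоге Windows)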
- '%APPDATA%\WinHost\svchost.exe'
- '<SYSTEM32>\attrib.exe' -a -s -h -r "<Полный путь к вирусу>" (снимает с исходного файла атрибуты «архивный», «системный», «скрытый» и «только для чтения»)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\d.bat" "<Полный путь к вирусу>""
- %TEMP%\d.bat
- %TEMP%\nd_2.tmp
- %APPDATA%\WinHost\svchost.exe
- %TEMP%\nd_1.tmp
- %APPDATA%\WinHost\svchost.exe
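- Подключения к узлам на порту 80 (символы «#» в именах доменов — маскировка, точные имена на странице не приведены):
- 'av##der.in':80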
- 'bu###smorges.in':80
- 'no####okfather.in':80
- 'tu##k.in':80
- 'nu##er.in':80
- 'ba###burn.in':80
- 'sc###izgang.in':80
- 'no##rcy.in':80
- 'mu##ralo.in':80
- 'to###body.in':80
- Адреса ресурсов на тех же доменах (у всех общий путь /key.dat):
- av##der.in/key.dat
- bu###smorges.in/key.dat
- no####okfather.in/key.dat
- tu##k.in/key.dat
- nu##er.in/key.dat
- ba###burn.in/key.dat
- sc###izgang.in/key.dat
- no##rcy.in/key.dat
- mu##ralo.in/key.dat
- to###body.in/key.dat
- DNS ASK av##der.in
- DNS ASK bu###smorges.in
- DNS ASK no####okfather.in
- DNS ASK tu##k.in
- DNS ASK nu##er.in
- DNS ASK ba###burn.in
- DNS ASK sc###izgang.in
- DNS ASK no##rcy.in
- DNS ASK mu##ralo.in
- DNS ASK to###body.in
- ClassName: 'Indicator' WindowName: '(null)'