Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'xwp' = '<Full path to the virus>'
- %TEMP%\xxxwrp010yyzz\.last_update
- %TEMP%\xxx1.tmp
- 'up####newfile.com':80
- 'w2.####adnewfile.com':80
- up####newfile.com/pp/cfg
- w2.####adnewfile.com/pbin/bin.zip
- DNS ASK up####newfile.com
- DNS ASK w2.####adnewfile.com
- ClassName: 'Indicator' WindowName: ''