Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'a297163e6b1676f3.exe' = '<LS_APPDATA>\a297163e6b1676f3.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\61252c6531898527] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\61252c6531898527] 'ImagePath' = '<DRIVERS>\61252c6531898527.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\25eef] 'Start' = '00000001'
- <LS_APPDATA>\a297163e6b1676f3.exe
- NtOpenThread, handler driver: 61252c6531898527.sys
- NtOpenProcess, handler driver: 61252c6531898527.sys
- %TEMP%\Temporary Internet Files\Content.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\W1E3G9YR\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\N6LHZ8W6\desktop.ini
- <LS_APPDATA>\a297163e6b1676f3.exe
- <DRIVERS>\25eef.sys
- <DRIVERS>\61252c6531898527.sys
- %TEMP%\Temporary Internet Files\Content.IE5\W1E3G9YR\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\desktop.ini
- <DRIVERS>\25eef.sys
- from <Full path to the virus> to %TEMP%\5c60c815.tmp
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''