Техническая информация
- %WINDIR%\tasks\viruspreventer.job
- [<HKLM>\System\CurrentControlSet\Services\Not supportive Poverty] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Not supportive Poverty] 'ImagePath' = '%APPDATA%\Not supportive Poverty\Not supportive Poverty.exe'
- %ALLUSERSPROFILE%\application data\{3d4a00dd-a442-f407-3d4a-a00dda440376}\<Имя файла>.exe
- %ALLUSERSPROFILE%\application data\{3d4a00dd-a442-f407-3d4a-a00dda440376}\<Имя файла>.dat
- %APPDATA%\not supportive poverty\not supportive poverty.exe
- %APPDATA%\not supportive poverty\fba00.dat
- DNS ASK ri###ynorth.biz
- DNS ASK al####el-pro.com
- DNS ASK pa###tmodel.biz
- DNS ASK mo###odel.biz
- '%APPDATA%\not supportive poverty\not supportive poverty.exe'