Техническая информация
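Запись в реестре (автозапуск через Active Setup, параметр StubPath):
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{53E36A99-D7C0-88F1-A5E8-D1BA4187116D}] 'StubPath' = 'AXIS16.exe'
Файлы во временном каталоге %TEMP%:
- %TEMP%\<Имя вируса>.exe
- %TEMP%\wtsapi32.sys
Запускаемые команды (reg.exe перезаписывает параметр imagepath службы ip6fw; во второй команде путь указывает на файл 51915.tmp в профиле пользователя, а не на драйвер в system32\DRIVERS):
- <SYSTEM32>\reg.exe add hklm\SYSTEM\CurrentControlSet\Services\ip6fw /v imagepath /t REG_EXPAND_SZ /d system32\DRIVERS\Ip6Fw.sys /f
- <SYSTEM32>\reg.exe add hklm\SYSTEM\CurrentControlSet\Services\ip6fw /v imagepath /t REG_EXPAND_SZ /d \??\%HOMEPATH%\51915.tmp /f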
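Пути файлов, затрагиваемых образцом (по-видимому, подзаголовки разделов в этой копии не сохранились, поэтому часть путей ниже повторяется):
- <SYSTEM32>\dllcache\ai5211.sys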
- %WINDIR%\Installer\b25211.msi
- <SYSTEM32>\AXIS16.exe
- %TEMP%\<Имя вируса>.exe
- %TEMP%\wtsapi32.sys
- %HOMEPATH%\51915.tmp
- %HOMEPATH%\Cookies\GT5211.dat
- %WINDIR%\Installer\b25211.msi
- <SYSTEM32>\AXIS16.exe
- %HOMEPATH%\51915.tmp
- %HOMEPATH%\Cookies\GT5211.dat
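Сетевая активность: обращение к узлу на порт 80 и DNS-запрос (имя узла, по-видимому, частично скрыто символами # в источнике):
- 'ha###.#ikybeauty.com':80
- DNS ASK ha###.#ikybeauty.com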