Техническая информация
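- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "+WindowsDirectory+\mscalc.exe"'
  (Параметр Shell раздела Winlogon задаёт оболочку, запускаемую при входе пользователя в систему; штатное значение — 'Explorer.exe'. Дописанный путь к mscalc.exe обеспечивает автозапуск этого файла при каждом входе. Фрагмент «+WindowsDirectory+» записан в значение как литерал — по-видимому, это неподставленное имя переменной с путём к каталогу Windows.)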
- %TEMP%\rn00.exe
- %WINDIR%\mscalc.exe
- %WINDIR%\Explorer.EXE
- <Текущая директория>\<Имя вируса> .exe
- %WINDIR%\mscalc .exe
- <SYSTEM32>\ms229680.dll
- %TEMP%\rn00 .exe
- %WINDIR%\mscalc.exe
- %WINDIR%\hwuser.dll
- <SYSTEM32>\msiclass.dll
- %TEMP%\rn00.exe
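- 'ft#.##tfirms.com':21 (порт 21 — стандартный порт FTP; символы «#» в имени узла, по-видимому, замаскированы автором описания)
- DNS ASK ft#.##tfirms.com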
- ClassName: 'Termsix32' WindowName: ''
- ClassName: 'runapx68' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — стандартный класс окна панели задач Проводника Windows)