Техническая информация
- Автозапуск при входе пользователя в систему (параметр в ключе Run): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '<Имя вируса>.exe' = '<Полный путь к вирусу>'
- Добавление в список разрешённых приложений брандмауэра Windows (стандартный профиль): [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Полный путь к вирусу>' = '<Полный путь к вирусу>:*:Enabled:<Имя вируса>'
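- Файлы во временном каталоге (имена совпадают с объектами из /links_loader/ в списке URL ниже; единственный исполняемый файл среди них — upd14.exe):
- %TEMP%\itoca.txt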
- %TEMP%\nossa.txt
- %TEMP%\cbch.txt
- %TEMP%\cit.txt
- %TEMP%\sic.txt
- %TEMP%\santa.txt
- %TEMP%\bb.txt
- %TEMP%\upd14.exe
- %TEMP%\brada.txt
- %TEMP%\cx.txt
- %TEMP%\prime.txt
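- Сетевые узлы и порты (символы «#», по-видимому, скрывают часть имени узла, поэтому для блокировки по точному имени эти записи непригодны):
- 'sm##.gmail.com':25 (порт 25 — SMTP)
- 'www.mf###011.com':80 (порт 80 — HTTP)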
- www.mf###011.com/links_loader/itoca.txt
- www.mf###011.com/links_loader/nossa.txt
- www.mf###011.com/links_loader/cbch.txt
- www.mf###011.com/links_loader/cit.txt
- www.mf###011.com/links_loader/sic.txt
- www.mf###011.com/links_loader/santa.txt
- www.mf###011.com/links_loader/bb.txt
- www.mf###011.com/links_loader/upd14.exe
- www.mf###011.com/links_loader/brada.txt
- www.mf###011.com/links_loader/cx.txt
- www.mf###011.com/links_loader/prime.txt
- DNS ASK sm##.gmail.com
- DNS ASK www.mf###011.com
- ClassName: 'Indicator' WindowName: ''