Техническая информация
- Автозапуск (раздел Run текущего пользователя): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '<Имя вируса>.exe' = '<Полный путь к вирусу>'
- Исключение в брандмауэре Windows (список разрешённых приложений): [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Полный путь к вирусу>' = '<Полный путь к вирусу>:*:Enabled:<Имя вируса>'
Файлы во временном каталоге (имена совпадают с файлами из URL-адресов, перечисленных ниже):
- %TEMP%\itoca.txt
- %TEMP%\nossa.txt
- %TEMP%\cbch.txt
- %TEMP%\cit.txt
- %TEMP%\sic.txt
- %TEMP%\santa.txt
- %TEMP%\bb.txt
- %TEMP%\upd22.exe
- %TEMP%\brada.txt
- %TEMP%\cx.txt
- %TEMP%\prime.txt
Сетевые соединения (узел:порт; порт 25 — SMTP, порт 80 — HTTP):
- 'sm##.gmail.com':25
- 'www.mf###011.com':80
URL-адреса на узле www.mf###011.com (по-видимому, запрашиваются по HTTP):
- www.mf###011.com/links_loader_nervoso/itoca.txt
- www.mf###011.com/links_loader_nervoso/nossa.txt
- www.mf###011.com/links_loader_nervoso/cbch.txt
- www.mf###011.com/links_loader_nervoso/cit.txt
- www.mf###011.com/links_loader_nervoso/sic.txt
- www.mf###011.com/links_loader_nervoso/santa.txt
- www.mf###011.com/links_loader_nervoso/bb.txt
- www.mf###011.com/links_loader_nervoso/upd22.exe
- www.mf###011.com/links_loader_nervoso/brada.txt
- www.mf###011.com/links_loader_nervoso/cx.txt
- www.mf###011.com/links_loader_nervoso/prime.txt
DNS-запросы:
- DNS ASK sm##.gmail.com
- DNS ASK www.mf###011.com
- ClassName: 'Indicator' WindowName: ''