Техническая информация
Закрепление в системе — запись в ключе автозапуска текущего пользователя:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Erewhon' = '<Полный путь к вирусу>'
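Командные строки процессов, зафиксированные при анализе (числа после /pid=, по всей видимости, — идентификаторы процессов конкретного сеанса анализа, поэтому как индикаторы они ненадёжны; у штатной утилиты ping параметра /pid нет, так что для поиска по журналам полезнее сам факт запуска ping.exe с таким аргументом):
- <SYSTEM32>\ping.exe /pid=5540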
- <SYSTEM32>\ping.exe /pid=3552
- <SYSTEM32>\ping.exe /pid=2136
- <SYSTEM32>\ping.exe /pid=5348
- <SYSTEM32>\ping.exe /pid=3344
- <SYSTEM32>\ping.exe /pid=3388
- <SYSTEM32>\ping.exe /pid=4024
- <SYSTEM32>\ping.exe /pid=3256
- <SYSTEM32>\ping.exe /pid=3728
- <SYSTEM32>\ping.exe /pid=5756
- <SYSTEM32>\ping.exe /pid=5084
- <SYSTEM32>\ping.exe /pid=5816
- <SYSTEM32>\ping.exe /pid=4956
- <SYSTEM32>\ping.exe /pid=5624
- <SYSTEM32>\ping.exe /pid=2460
- <SYSTEM32>\ping.exe /pid=5008
- <SYSTEM32>\ping.exe /pid=4432
- <SYSTEM32>\ping.exe /pid=3296
- <SYSTEM32>\ping.exe /pid=5068
- <SYSTEM32>\ping.exe /pid=3688
- <SYSTEM32>\ping.exe /pid=5012
- <SYSTEM32>\ping.exe /pid=5204
- <SYSTEM32>\ping.exe /c cls&&ping -n -l 500
- <SYSTEM32>\ping.exe -n -l 500
- <SYSTEM32>\ping.exe /pid=3432
- <SYSTEM32>\ping.exe /pid=3588
- <SYSTEM32>\ping.exe /pid=4316
- <SYSTEM32>\ping.exe /pid=3272
- <SYSTEM32>\ping.exe /pid=3172
- <SYSTEM32>\ping.exe /pid=3140
- <SYSTEM32>\ping.exe /pid=3000
- <SYSTEM32>\ping.exe /pid=3584
- <SYSTEM32>\ping.exe /pid=940
- <SYSTEM32>\ping.exe /pid=2856
- <SYSTEM32>\ping.exe /pid=3220
- <SYSTEM32>\ping.exe
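Объект файловой системы, связанный с образцом (тип операции — создание, изменение или удаление — на странице не указан):
- %WINDIR%\addins\key.txt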
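Сетевая активность (символы '#' замещают часть символов в именах узлов — это маскировка в отчёте или искажение при извлечении, поэтому строки нельзя напрямую использовать в списках блокировки; порт 21 — стандартный порт FTP, 80 — HTTP; запрос wpad.dat похож на штатное автообнаружение прокси Windows и может быть фоновой активностью стенда, а не образца — требует проверки):
- 'ww##.#ubdomain.com':21
- 'wp#d':80
- wp#d/wpad.dat
- DNS ASK ww##.#ubdomain.com
- DNS ASK wp#d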
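Обращения к окнам по имени класса (характер операции на странице не указан; Shell_TrayWnd — класс окна панели задач Windows):
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''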