Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\Gray_Pigeon_Servers] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Gray_Pigeon_Servers] 'ImagePath' = '%ALLUSERSPROFILE%\Favorites\NeroCheck.exe'
- 'Gray_Pigeon_Servers' %ALLUSERSPROFILE%\Favorites\NeroCheck.exe
- %ALLUSERSPROFILE%\favorites\nerocheck.exe
- %WINDIR%\delete.bat
- %ALLUSERSPROFILE%\favorites\nerocheck.exe
- DNS ASK gz####s.vicp.net
- '%ALLUSERSPROFILE%\favorites\nerocheck.exe'
- '%WINDIR%\syswow64\cmd.exe' /c %WINDIR%\Delete.bat (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c %WINDIR%\Delete.bat