Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AdobeARMS' = '%CommonProgramFiles%\AdobeARMS.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'patches' = '1'
- <DRIVERS>\tcpip.sys
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%CommonProgramFiles%\AdobeARMS.exe' = '%CommonProgramFiles%\AdobeARMS.exe:*:Enabled:AdobeARMS'
- блокирует отображение скрытых файлов
- %CommonProgramFiles%\AdobeARMS.exe
- %CommonProgramFiles%\AdobeARMS.exe 308 "<Полный путь к вирусу>"
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
- %CommonProgramFiles%\AdobeARMS.exe
- %CommonProgramFiles%\AdobeARMS.exe
- 'ol####ne.mine.nu':7562
- DNS ASK ol####ne.mine.nu