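Техническая информация
(Заголовки подразделов в этом фрагменте не сохранились. Судя по содержимому, ниже по порядку перечислены: записи автозапуска в реестре, запускаемые процессы, затрагиваемые файлы, сетевой адрес и искомое окно; повторяющиеся пути, по-видимому, относятся к разным категориям файловых операций. Файл %APPDATA%\chrome.exe находится вне стандартного каталога установки браузера Chrome — имя, вероятно, выбрано для маскировки.)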
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{LR226Y7F-OC08-137R-2A08-DN8F2VKKV667}] 'StubPath' = '"%APPDATA%\chrome.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'NetWire' = '%APPDATA%\chrome.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'chrome.exe' = '"%APPDATA%\chrome.exe"'
- %TEMP%\TCSrDPOBGzMO.exe "%APPDATA%\chrome.exe"
- %APPDATA%\chrome.exe
- %TEMP%\TCSrDPOBGzMO.exe "<Полный путь к вирусу>"
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\c1b9ecc8-b31f-4d29-9b93-00b10b8a7c6f
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %APPDATA%\chrome.exe
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\ec702f375e1b12d218f67ab9ef19ca23_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %TEMP%\ZEwBKqEM.dll
- %TEMP%\wOXAlqouq.dll
- %TEMP%\qcphGyShsXx.dll
- %TEMP%\TCSrDPOBGzMO.exe
- %TEMP%\SRGPPFot.Gsa
- %TEMP%\wOXAlqouq.dll
- %TEMP%\SRGPPFot.Gsa
- %TEMP%\ZEwBKqEM.dll
- %TEMP%\TCSrDPOBGzMO.exe
- %TEMP%\qcphGyShsXx.dll
- '31.##3.9.126':3360 (часть IP-адреса в источнике замаскирована символами «##»)
- ClassName: 'Indicator' WindowName: ''