Техническая информация
- %TEMP%\realsched.exe
- %TEMP%\wojagepoj.exe <Полный путь к вирусу>
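- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\ec702f375e1b12d218f67ab9ef19ca23_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\3d654bc5-ab01-4769-b895-5295ad724e23
  (Примечание: каталоги Crypto\RSA и Protect в профиле пользователя — стандартные хранилища ключевых контейнеров CryptoAPI и мастер-ключей DPAPI. SID пользователя и GUID в этих путях относятся к системе, на которой проводился анализ, и на других машинах будут другими, поэтому для поиска по индикаторам эти три пути в точном виде не подходят.)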
- %HOMEPATH%\realsched.exe
- %TEMP%\nst6.tmp
- %TEMP%\realsched.exe
- %TEMP%\nse4.tmp
- %TEMP%\Catoyebe.Gap
- %TEMP%\Sagucovuv.dll
- %TEMP%\nsq2.tmp
- %TEMP%\wuparihulike.dll
- %TEMP%\wojagepoj.exe
- %TEMP%\yihususi.dll
- %TEMP%\Pehakiliji.dll
- %TEMP%\realsched.exe
- %HOMEPATH%\realsched.exe
- %TEMP%\Sagucovuv.dll
- %TEMP%\Catoyebe.Gap
- %HOMEPATH%\realsched.exe
- %TEMP%\wuparihulike.dll
- %TEMP%\wojagepoj.exe
- %TEMP%\yihususi.dll
- %TEMP%\Pehakiliji.dll
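- '23#.#31.231.121':5050
- DNS ASK ap#.##nitradio.com
  (Примечание: символы «#» в IP-адресе и в имени домена, по-видимому, заменяют знаки, скрытые при публикации. Оба сетевых индикатора неполны и пригодны только для сопоставления по шаблону, а не для точного совпадения.)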
- ClassName: 'Button' WindowName: 'Start'
- ClassName: 'Progman' WindowName: 'Program Manager'
- ClassName: '#32770' WindowName: 'Windows Task Manager'
- ClassName: 'Shell_TrayWnd' WindowName: ''