Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'mixta' = '"%APPDATA%\Roaming\<Имя вируса>.exe"'
- '<SYSTEM32>\rundll32.exe' "<SYSTEM32>\WININET.dll",DispatchAPICall 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v mixta /t REG_SZ /d """%APPDATA%\Roaming\<Имя вируса>.exe"""
- '<SYSTEM32>\conhost.exe'
- firefox.exe
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] 'LowRiskFileTypes' = '.exe;.com;.scr'
- %WINDIR%\Temp\MPTelemetrySubmit\client_manifest.txt
- %WINDIR%\Temp\MPTelemetrySubmit\watson_manifest.txt
- %APPDATA%\Roaming\tfile.jsp
- %APPDATA%\Roaming\<Имя вируса>.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\index[1].php
- %APPDATA%\Roaming\tfile.jsp
- 'www.mp##st.bg':80
- www.mp##st.bg/louco/index.php
- DNS ASK www.mp##st.bg
- '22#.0.0.252':5355