Техническая информация
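Изменения в реестре (формат записи: [ключ] 'параметр' = 'значение'):
- [<HKCU>\Software\Microsoft\Command Processor] 'AutoRun' = '"<Полный путь к вирусу>"'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'cmd.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'qcgce2mrvjq91kk1e7pnbb19m52fx' = '<Полный путь к вирусу>'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe'
- [<HKCU>\Software\Microsoft\Command Processor] 'AutoRun' = ''
Примечание: команда из параметра AutoRun ключа Command Processor выполняется при каждом запуске cmd.exe (если он запущен без ключа /D), поэтому в сочетании с Shell = 'cmd.exe' указанный файл запускается при входе пользователя в систему. Две последние записи ('explorer.exe' и пустой AutoRun), по-видимому, отменяют первые две, так что на момент проверки эти параметры могут выглядеть неизменёнными; при анализе системы следует проверять все три ключа, включая Run.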
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\cmd.exe
- %HOMEPATH%\Templates\2433f433
- %APPDATA%\2433f433
- <LS_APPDATA>\2433f433
- %ALLUSERSPROFILE%\Application Data\2433f433
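Сетевая активность (узлы и порты, URL, DNS-запросы):
- 'yk###guko.pl':80
- 'ok###vara.pl':80
- yk###guko.pl/yExIuo5kBGtvLnJteWt1cmVKdWtvLnA=
- DNS ASK ad###vaxu.pl
- DNS ASK ok###vara.pl
- DNS ASK yk###guko.pl
- DNS ASK im###hawi.pl
- DNS ASK yh###dyle.pl
- DNS ASK ov###cyni.pl
- DNS ASK iv###neky.pl
Примечание: символы ### в именах доменов, по-видимому, заменяют скрытую часть имени, поэтому эти строки подходят для поиска по шаблону (совпадение начала и конца имени в зоне .pl) в журналах DNS и прокси, но не для точного сравнения. «DNS ASK» обозначает DNS-запрос указанного имени, ':80' — обращение к порту 80.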
- ClassName: 'Indicator' WindowName: '(null)'