Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{546BE991-9BCE-5827-ABD0-24604BD04902}] 'StubPath' = '%WINDIR%\Stare.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{362BE421-9BCE-1292-ABD0-28716BD02718}] 'StubPath' = '%WINDIR%\Stare.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{E46BE471-9BCE-6447-ABD0-21538BD02869}] 'StubPath' = '%WINDIR%\Stare.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{E27BE134-9BCE-1041-ABD0-36500BD02169}] 'StubPath' = '%WINDIR%\Stare.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{728BE962-9BCE-3478-ABD0-34464BD06705}] 'StubPath' = '%WINDIR%\Stare.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{C97BE161-9BCE-6281-ABD0-10491BD03995}] 'StubPath' = '%WINDIR%\Stare.exe'
- '%WINDIR%\Stare.exe'
- %WINDIR%\Explorer.EXE
- %WINDIR%\spec.fne
- %WINDIR%\SystemXP.dll
- %WINDIR%\Stare.exe
- %WINDIR%\dp1.fne
- C:\12.txt
- %WINDIR%\krnln.fnr
- %WINDIR%\spec.fne
- %WINDIR%\SystemXP.dll
- %WINDIR%\Stare.exe
- <Полный путь к вирусу>
- %WINDIR%\krnln.fnr
- %WINDIR%\dp1.fne
- %TEMP%\~DFA59.tmp
- 'localhost':8880