Техническая информация
- '%TEMP%\257609.exe'
- '%TEMP%\257609.exe' (загружен из сети Интернет)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\265218.bat" "<Полный путь к вирусу>" "
- [<HKLM>\Software\FlashFXP]
- [<HKCU>\Software\FTPWare\COREFTP\Sites]
- [<HKLM>\Software\FlashFXP\3]
- [<HKCU>\Software\FlashFXP\3]
- [<HKCU>\Software\FlashFXP]
- %TEMP%\265218.bat
- %TEMP%\257609.exe
- '62.##.45.242':80
- '62.##.189.92':80
- '62.##.180.44':80
- 62.##.45.242/our/1.exe
- 62.##.189.92/pnn/ga.php
- 62.##.180.44/pnn/ga.php