Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '<Virus name>.exe' = '%TEMP%\au\release.exe'
- hidden files
- Registry Editor (RegEdit)
- '<SYSTEM32>\cmd.exe' /c %TEMP%\au\illegal.bat
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\window[1].html
- %TEMP%\auext\window.html
- %TEMP%\au\illegal.bat
- %TEMP%\auext\manifest.json
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\bigheckz[1].js
- %TEMP%\auext\bigheckz.js
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\manifest[1].json
- from <Full path to virus> to %TEMP%\au\release.exe
- 'bl##.###ny-wordpress.com':80
- bl##.###ny-wordpress.com/x/ch/window.html
- bl##.###ny-wordpress.com/x/ch/manifest.json
- bl##.###ny-wordpress.com/x/ch/bigheckz.js
- DNS ASK bl##.###ny-wordpress.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'