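Техническая информация
Ниже перечислены артефакты, зафиксированные при анализе образца: записи автозапуска в реестре, пути к файлам, сетевые обращения и сведения об окне. Подзаголовки разделов в этой копии не сохранились, поэтому повторяющиеся пути, по-видимому, относятся к разным операциям над одними и теми же файлами. Запись <Полный путь к вирусу> — заполнитель для фактического расположения образца, а символы # в имени узла — маскировка, присутствующая в самом описании.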
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Policies' = ''
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{J6MOUCGL-V4FS-8A5D-C476-8U23BWLMJLFJ}] 'StubPath' = 'c:\directory\CyberGate\winlogon\winlogon.exe Restart'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'Policies' = ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'server.exe' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'server.exe' = '<Полный путь к вирусу>'
- %TEMP%\%USERNAME%2.txt
- %TEMP%\%USERNAME%7
- %TEMP%\%USERNAME%8
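- C:\directory\CyberGate\winlogon\winlogon.exe (имя файла совпадает с именем системного процесса winlogon.exe, однако путь не является системным каталогом Windows)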
- %TEMP%\aut1.tmp
- %TEMP%\res.ico
- %TEMP%\res.ico2
- <Полный путь к вирусу>
- %TEMP%\%USERNAME%7
- %TEMP%\%USERNAME%8
- %TEMP%\%USERNAME%2.txt
- %TEMP%\aut1.tmp
- C:\directory\CyberGate\winlogon\winlogon.exe
- 'ha#####akery.no-ip.biz':999
- DNS ASK ha#####akery.no-ip.biz
- ClassName: 'Indicator' WindowName: '(null)'