Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Update Agent' = '"<Полный путь к вирусу>"'
- '<SYSTEM32>\schtasks.exe' /CREATE /F /TN "Microsoft Security Service" /TR "<Полный путь к вирусу>" /SC onstart
- '<SYSTEM32>\wbem\wmic.exe' computersystem get Manufacturer, Model
- '<SYSTEM32>\wbem\wmic.exe' os get caption
- <SYSTEM32>\wbem\AutoRecover\23BDE61F1F4FACE17E9B0C01F2A1FD9B.mof
- %TEMP%\tmp3.tmp
- %WINDIR%\system.dat
- <Текущая директория>\TempWmicBatchFile.bat
- %TEMP%\tmp1.tmp
- %WINDIR%\svchost.exe
- <SYSTEM32>\wbem\AutoRecover\C8463ECBE33BC240263A0B094E46D510.mof
- %TEMP%\tmp2.tmp
- %TEMP%\tmp3.tmp
- %TEMP%\tmp2.tmp
- %TEMP%\tmp1.tmp
- DNS ASK ki####.zapto.org
- 'ki####.zapto.org':7779
- ClassName: '' WindowName: 'System Configuration'
- ClassName: '' WindowName: 'Utilitaire de configuration système'
- ClassName: '' WindowName: 'Autoruns [CRNJEUFU\%USERNAME%] - Sysinternals: www.sysinternals.com'
- ClassName: '' WindowName: 'System Configuration Utility'
- ClassName: '' WindowName: 'Configuration du système'
- ClassName: '' WindowName: 'Piriform CCleaner'
- ClassName: '' WindowName: 'TightVNC Control Interface'
- ClassName: '' WindowName: 'Registry Editor'
- ClassName: '' WindowName: 'Éditeur du Registre'