Техническая информация
Запись автозапуска в реестре:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'dumpsc' = 'rundll32 "%WINDIR%\client.dll",CreateProcessNotify'
Командные строки системных утилит:
- '<SYSTEM32>\driverquery.exe'
- '<SYSTEM32>\reg.exe' query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /s
- '<SYSTEM32>\makecab.exe' %TEMP%\_1.tmp %TEMP%\~2.tmp
- '<SYSTEM32>\attrib.exe' -r -s -h "<Имя вируса>.exe"
- '<SYSTEM32>\systeminfo.exe'
- '<SYSTEM32>\tasklist.exe' /SVC
Имена процессов:
- %WINDIR%\Explorer.EXE
- iexplore.exe
- firefox.exe
- chrome.exe
Пути к файлам:
- %TEMP%\cab4
- %TEMP%\cab3
- %TEMP%\cab2
- %TEMP%\~2.tmp
- %TEMP%\cab5
- %TEMP%\cab6
- %WINDIR%\aplib.dll
- %WINDIR%\zlib1.dll
- %WINDIR%\client.dll
- %TEMP%\_1.tmp
- <Текущая директория>\171390.cmd
- %WINDIR%\aplib64.dll
Второй список путей к файлам (часть записей повторяет предыдущий список):
- %TEMP%\cab6
- %TEMP%\cab5
- %TEMP%\~2.tmp
- %TEMP%\_1.tmp
- %TEMP%\cab2
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\tasks[1].0
- %TEMP%\cab4
- %TEMP%\cab3
Сетевые адреса и HTTP-запросы (символы «#», по-видимому, скрывают часть значений):
- '95.##1.192.195':80
- 95.##1.192.195/tasks?ve##################################################################################################
- 95.##1.192.195/data?ve##########################################################################################################
Параметры окна:
- ClassName: 'Indicator' WindowName: ''