Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\6to4] 'Start' = '00000002'
- '%TEMP%\tmp1.tmp'
- '<SYSTEM32>\net1.exe' start 6to4
- '<SYSTEM32>\rundll32.exe' "%APPDATA%\dat5.tmp", sqlite3_backup_deinit %TEMP%\tmp1.tmp
- '<SYSTEM32>\rundll32.exe' %TEMP%\tmp3.tmp Check
- %APPDATA%\dat5.tmp
- <SYSTEM32>\NtUserEx.dat
- <SYSTEM32>\NtUserEx.dll
- %APPDATA%\dat4.tmp
- %TEMP%\tmp1.tmp
- %TEMP%\tmp2.tmp
- %TEMP%\tmp3.tmp
- %APPDATA%\dat5.tmp
- %APPDATA%\dat4.tmp
- %TEMP%\tmp1.tmp
- %TEMP%\tmp2.tmp в <Текущая директория>\<Имя вируса>.doc (слева исходный путь, справа путь назначения)
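- '15#.#29.81.178':80 (часть цифр адреса заменена символами «#»; в таком виде строка не является корректным IPv4-адресом)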
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WordPadClass' WindowName: ''