Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Podcast Update Manager' = '"%APPDATA%\patrick_schwazy.exe"'
- '%APPDATA%\patrick_schwazy.exe'
- %TEMP%\crx.zip
- %APPDATA%\patrick_schwazy.exe
- %APPDATA%\patrick_schwazy.exe
- 'ki###edya.org':80
- ki###edya.org/crxx.zip
- DNS ASK ki###edya.org
- ClassName: 'WINGUI' WindowName: '%APPDATA%\patrick_schwazy.exe'
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'WINGUI' WindowName: '<Full path to the virus>'