Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Ebola EWS' = '<Полный путь к вирусу>'
- '<LS_APPDATA>\Ebola Early Warning System Official Installer.exe'
- '<LS_APPDATA>\Ebola Early Warning System Official Installer.exe' (загружен из сети Интернет)
- <LS_APPDATA>\ebola.pids
- <LS_APPDATA>\ebola.alerts
- <LS_APPDATA>\ebola.time
- <LS_APPDATA>\ebola.state
- <LS_APPDATA>\Ebola Early Warning System Official Installer.exe
- <LS_APPDATA>\ebola.installed
- <LS_APPDATA>\ebola.zipcode
- 'eb###.events':80
- 'www.co####h14fast.com':80
- eb###.events/zip.php
- eb###.events/state.php
- www.co####h14fast.com/download.php?kH######
- eb###.events/register.php?ma##############
- DNS ASK eb###.events
- DNS ASK www.co####h14fast.com
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''