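Техническая информация
Ниже перечислены индикаторы: записи автозапуска в реестре (ключ Run), пути к файлам, сетевые адреса с портами, DNS-запросы и параметры окна. Символы «#» в адресах, по-видимому, скрывают часть значения, поэтому такие записи не подходят для точного сопоставления.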
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MSUP6' = '%APPDATA%\nsync.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MSUP6' = '<Полный путь к вирусу>'
- '%APPDATA%\nsync.exe'
- %TEMP%\2.tmp
- %APPDATA%\nsync.exe
- %TEMP%\1.tmp
- %APPDATA%\nsync.exe
- %APPDATA%\nsync.exe
- %TEMP%\2.tmp
- %TEMP%\1.tmp
- '61.##.192.123':443
- 'am####.acmetoy.com':8080
- '61.##.192.123':12350
- '61.##.192.123':1863
- 'am####.acmetoy.com':443
- 'bl####ws.onmypc.org':443
- 'bl####ws.onmypc.org':1863
- 'am####.acmetoy.com':80
- 'bl####ws.onmypc.org':12350
- am####.acmetoy.com/0000/a160859.asp
- DNS ASK am####.acmetoy.com
- DNS ASK bl####ws.onmypc.org
- ClassName: 'Indicator' WindowName: ''