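Техническая информация
(Заголовки разделов в этом фрагменте не сохранились. Ниже по порядку идут: файл в папке автозагрузки и две службы со значением 'Start' = 2, что соответствует автоматическому запуску; командные строки запускаемых процессов; пути файлов; сетевые адреса с портом 443, в которых часть цифр заменена символом «#»; классы и заголовки окон.)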
- %HOMEPATH%\Start Menu\Programs\Startup\3AXH3M8M68.pif
- [<HKLM>\SYSTEM\ControlSet001\Services\C0X4WC8YU7B6] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\5GAZ91AKG] 'Start' = '00000002'
- 'C:\XBXTEEMJ7A8O.EXE' PUASIBQW
- '<Полный путь к вирусу>.exe'
- '<SYSTEM32>\regsvr32.exe' /u /s msvidctl.dll
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\regsvr32.exe' /u /s vbscript.dll
- '<SYSTEM32>\regsvr32.exe' /s "%WINDIR%\puasibqw.dll"
- '<SYSTEM32>\cmd.exe' /c C:\9PFZLD9SA.BAT
- '<SYSTEM32>\regsvr32.exe' /u /s itss.dll
- %PROGRAM_FILES%\Y6IL9TF5O\0AG0QY.exe
- %WINDIR%\puasibqw.dll
- C:\9PFZLD9SA.BAT
- %PROGRAM_FILES%\Y6IL9TF5O\FVQXA1EMV.exe
- %PROGRAM_FILES%\JN2F4W\02JSD8E.exe
- %PROGRAM_FILES%\JN2F4W\MX2SN1RS125.exe
- %WINDIR%\PUASIBQW.txt
- C:\XBXTEEMJ7A8O.EXE
- %PROGRAM_FILES%\Y6IL9TF5O\0AG0QY.exe
- %PROGRAM_FILES%\Y6IL9TF5O\FVQXA1EMV.exe
- <Полный путь к вирусу>.exe
- %PROGRAM_FILES%\JN2F4W\MX2SN1RS125.exe
- %PROGRAM_FILES%\JN2F4W\02JSD8E.exe
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- '66.##.187.31':443
- '22#.73.10.1':443
- ClassName: 'PUASIBQW' WindowName: ''
- ClassName: 'PUASIBQW' WindowName: 'fxwdkaqkog'
- ClassName: 'Shell_TrayWnd' WindowName: ''