Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Network Virtual Service] 'Start' = '00000002' (значение 2 — автоматический запуск службы при старте системы)
- '%TEMP%\mmvc.exe' -f %TEMP%\eventvwr
- '%TEMP%\Origin\Setup.exe' /launcherTime=135343
- '%WINDIR%\Temp\mmvc.exe' -f %WINDIR%\TEMP\eventvwr
- '%TEMP%\<Имя вируса>.exe'
- '%TEMP%\jvh4k3bb.u35.exe'
- '%ALLUSERSPROFILE%\Application Data\Microsoft\Vlansvc\msvchost.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\r.bat" "
- %ALLUSERSPROFILE%\Application Data\Microsoft\Vlansvc\msvchost.InstallState
- %WINDIR%\Temp\mmvc.exe
- %TEMP%\InstallUtil.InstallLog
- %ALLUSERSPROFILE%\Application Data\Microsoft\Vlansvc\msvchost.InstallLog
- %WINDIR%\Temp\eventvwr
- %TEMP%\Origin\installerdll149203.dll
- %TEMP%\Origin\nsu6.tmp\UserInfo.dll
- %WINDIR%\Temp\Profiles\state.tmp
- %TEMP%\Origin\nsu6.tmp\System.dll
- %TEMP%\Origin\nss3.tmp\System.dll
- %TEMP%\Origin\installerdll135343.dll
- %TEMP%\<Имя вируса>.exe
- %TEMP%\jvh4k3bb.u35.exe
- %TEMP%\Origin\Setup.exe
- %TEMP%\mmvc.exe
- %TEMP%\eventvwr
- %ALLUSERSPROFILE%\Application Data\Microsoft\Vlansvc\msvchost.exe
- %TEMP%\r.bat
- %ALLUSERSPROFILE%\Application Data\Microsoft\Vlansvc\msvchost.InstallLog
- %WINDIR%\Temp\Profiles\state.tmp в %WINDIR%\Temp\Profiles\state (перемещение файла: исходный путь → новый путь)
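- '76.##.17.194':9090
- '15#.35.32.5':443
  (часть цифр в адресах заменена символами «#», поэтому полные IP-адреса по этому описанию не восстанавливаются)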
- 'localhost':60988
- 'localhost':1037
- ClassName: '#32770' WindowName: '' (стандартный класс диалоговых окон Windows)
- ClassName: 'Shell_TrayWnd' WindowName: '' (окно панели задач Windows)