Техническая информация
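Файлы в папке автозагрузки пользователя (её содержимое открывается при входе в систему, то есть это механизм закрепления):
- %HOMEPATH%\Start Menu\Programs\Startup\paycrypt.bmp
- %HOMEPATH%\Start Menu\Programs\Startup\<Имя вируса>.exe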
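Командные строки запускаемых процессов (wmiadap.exe — штатный компонент Windows, его запуск сам по себе не является признаком заражения):
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\cmd.exe' /c cleen.bat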
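Классы окон, которые ищет образец (соответствуют утилитам Sysinternals Process Monitor, RegMon и FileMon — по-видимому, это проверка на наличие средств анализа):
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''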
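Пути в файловой системе, с которыми работает образец (PerfStringBackup.TMP и WmiApRpl.ini, как правило, создаёт сам системный wmiadap.exe, поэтому как индикаторы они ненадёжны):
- <Текущая директория>\cleen.bat
- %APPDATA%\paycrypt.bmp
- %ALLUSERSPROFILE%\Application Data\TEMP\RAIDTest
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini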
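Сетевая активность (домен в описании частично скрыт символами ##, недопустимыми в доменных именах; для блокировки и поиска по журналам нужен полный индикатор из первоисточника):
- 'mu##jir.tj':80
- mu##jir.tj/script.php
- DNS ASK mu##jir.tj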
- ClassName: 'Shell_TrayWnd' WindowName: '' (класс окна панели задач Windows; обращение к нему встречается и в легитимных программах)