Техническая информация
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\196125.bat" "<Полный путь к вирусу>" "
- [<HKCU>\Software\BulletProof Software\BulletProof FTP Client\Options]
- [<HKCU>\Software\BPFTP]
- [<HKCU>\Software\BPFTP\Bullet Proof FTP\Options]
- [<HKCU>\Software\BPFTP\Bullet Proof FTP\Main]
- [<HKCU>\Software\BulletProof Software\BulletProof FTP Client\Main]
- [<HKCU>\Software\Sota\FFFTP\Options]
- [<HKCU>\Software\South River Technologies\WebDrive\Connections]
- [<HKLM>\Software\South River Technologies\WebDrive\Connections]
- [<HKCU>\Software\FTP Explorer\Profiles]
- [<HKCU>\Software\CoffeeCup Software\Internet\Profiles]
- [<HKCU>\Software\FTPWare\COREFTP\Sites]
- [<HKLM>\Software\FlashFXP]
- [<HKCU>\Software\Far2\SavedDialogHistory\FTPHost]
- [<HKCU>\Software\Ghisler\Windows Commander]
- [<HKCU>\Software\Far\SavedDialogHistory\FTPHost]
- [<HKCU>\Software\Far\Plugins\FTP\Hosts]
- [<HKCU>\Software\Far2\Plugins\FTP\Hosts]
- [<HKLM>\Software\Ghisler\Windows Commander]
- [<HKCU>\Software\FlashFXP]
- [<HKLM>\Software\FlashFXP\3]
- [<HKCU>\Software\FlashFXP\3]
- [<HKCU>\Software\Ghisler\Total Commander]
- [<HKLM>\Software\Ghisler\Total Commander]
- %TEMP%\196125.bat
- <Текущая директория>\out.bin
- 'st#####77.site11.com':80
- http://st#####77.site11.com/gate.php
- DNS ASK st#####77.site11.com