Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Dump' = '%PROGRAM_FILES%\FbService.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MyMusic' = 'C:\Users\Music.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Bar' = '%WINDIR%\FbMonitor.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Buffer' = '%WINDIR%\ZService.exe'
- '<SYSTEM32>\ipconfig.exe' /all
- %WINDIR%\ZService.exe
- C:\Users\Music.exe
- %WINDIR%\FbMonitor.exe
- %PROGRAM_FILES%\FbService.exe
- %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ICMonitor.exe
- %WINDIR%\WindowsLog.txt
- %WINDIR%\WConfig.txt
- C:\Users\Public\Music.exe
- <LS_APPDATA>\Microsoft\<Имя вируса>.exe_Url_vhjf5iwd5kfr4inxqdesdml4dzx0tzde\1.0.0.0\db4ozxs5.newcfg
- %WINDIR%\ZService.exe
- %WINDIR%\FbMonitor.exe
- %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ICMonitor.exe
- %WINDIR%\WindowsLog.txt
- %WINDIR%\WConfig.txt
- %WINDIR%\WConfig.txt
- <LS_APPDATA>\Microsoft\<Имя вируса>.exe_Url_vhjf5iwd5kfr4inxqdesdml4dzx0tzde\1.0.0.0\db4ozxs5.newcfg в <LS_APPDATA>\Microsoft\<Имя вируса>.exe_Url_vhjf5iwd5kfr4inxqdesdml4dzx0tzde\1.0.0.0\user.config
- DNS ASK dn#.##ftncsi.com
- DNS ASK www.google.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''