Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'XXXXXX6FEF4FAE' = '%WINDIR%\XXXXXX6FEF4FAE\svchsot.exe'
- '%TEMP%\H2ro.exe' ADN
- '%TEMP%\їАЕдј¦.exe'
- '%TEMP%\~__UNINST.EXE' <Полный путь к вирусу>
- %TEMP%\H2ro.exe
- %WINDIR%\XXXXXX6FEF4FAE\svchsot.exe
- %TEMP%\їАЕдј¦.exe
- %TEMP%\~__UNINST.EXE
- %TEMP%\~pmThis.tmp
- %TEMP%\~pmThis.tmp
- 'localhost':8000
- 'wo####706.codns.com':7706
- DNS ASK wo####706.codns.com
- ClassName: '' WindowName: '??????????????'
- ClassName: '' WindowName: 'ИрРЗіМРтЙэј¶ЦР'
- ClassName: '' WindowName: 'SuddenAttack'
- ClassName: 'Shell_TrayWnd' WindowName: ''