Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Acer' = '%WINDIR%\Temp\isp7KJR.tmp\temp.exe'
- <SYSTEM32>\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Acer" /d "%WINDIR%\Temp\isp7KJR.tmp\temp.exe
- <LS_APPDATA>\515618465489754-684-34183\<Имя вируса>.exe_Url_0ztqb42aglxsvmalrv13uwr54evhutlf\2.5.7.3\p7v3mwdi.newcfg
- %WINDIR%\Temp\isp7KJR.tmp\temp.exe
- %WINDIR%\Temp\isp7KJR.tmp\temp.exe
- 'www.ic####ive-studio.fr':80
- 'wp#d':80
- www.ic####ive-studio.fr/check.php
- wp#d/wpad.dat
- DNS ASK www.ic####ive-studio.fr
- DNS ASK wp#d