Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Configure Tool' = '<SYSTEM32>\i386-winconf.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\i386-winconf.exe' = '<SYSTEM32>\i386-winconf.exe:*:Enabled:Windows Configure Tool'
- <SYSTEM32>\i386-winconf.exe 84 "<Full path to virus>"
- <SYSTEM32>\i386-winconf.exe
- <SYSTEM32>\i386-winconf.exe
- '21#.#46.171.142':80
- 21#.#46.171.142/q.php?ve###############################################
- DNS ASK google.com