Техническая информация
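Изменения в реестре: автозапуск через ключ Run (с параметром «-back») и добавление себя в список разрешённых приложений брандмауэра Windows. Имя в записи брандмауэра — «processmanamger» — приведено так, как указано в источнике, и отличается от имени параметра автозапуска «ProcessManager»; при поиске по индикаторам не исправляйте написание. Ветка ControlSet001 обычно соответствует CurrentControlSet, поэтому при проверке стоит смотреть обе.
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ProcessManager' = '<Полный путь к вирусу> -back'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Полный путь к вирусу>' = '<Полный путь к вирусу>:*:Enabled:processmanamger'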
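Сетевая активность: соединения (узел и порт), запрос файла version.cfg и DNS-запросы. Часть символов в именах узлов заменена на «#», поэтому записи в таком виде нельзя напрямую использовать как точные индикаторы; устойчивые признаки здесь — окончание «…essmanager.co.kr», нестандартные порты 11022 и 11012 и путь /version.cfg.
- 'ap##.###cessmanager.co.kr':11022
- 'ap#.####essmanager.co.kr':11012
- 'up.####essmanager.co.kr':80
- up.####essmanager.co.kr/version.cfg
- DNS ASK ap##.###cessManager.co.kr
- DNS ASK ap#.####essManager.co.kr
- DNS ASK up.####essmanager.co.kr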
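Окна, к которым обращается образец (судя по формату записи, это поиск окон по имени класса; заголовок окна не задан — '(null)'). Все три класса относятся к штатным компонентам Windows, поэтому сами по себе индикатором заражения не являются.
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'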