Техническая информация
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\287312.bat" "<Полный путь к вирусу>" "
- [<HKCU>\Software\BulletProof Software\BulletProof FTP Client\Options]
- [<HKCU>\Software\BPFTP]
- [<HKCU>\Software\BPFTP\Bullet Proof FTP\Options]
- [<HKCU>\Software\BPFTP\Bullet Proof FTP\Main]
- [<HKCU>\Software\BulletProof Software\BulletProof FTP Client\Main]
- [<HKCU>\Software\Sota\FFFTP\Options]
- [<HKCU>\Software\South River Technologies\WebDrive\Connections]
- [<HKLM>\Software\South River Technologies\WebDrive\Connections]
- [<HKCU>\Software\FTP Explorer\Profiles]
- [<HKCU>\Software\CoffeeCup Software\Internet\Profiles]
- [<HKCU>\Software\FTPWare\COREFTP\Sites]
- [<HKLM>\Software\FlashFXP]
- [<HKCU>\Software\Far2\SavedDialogHistory\FTPHost]
- [<HKCU>\Software\Ghisler\Windows Commander]
- [<HKCU>\Software\Far\SavedDialogHistory\FTPHost]
- [<HKCU>\Software\Far\Plugins\FTP\Hosts]
- [<HKCU>\Software\Far2\Plugins\FTP\Hosts]
- [<HKLM>\Software\Ghisler\Windows Commander]
- [<HKCU>\Software\FlashFXP]
- [<HKLM>\Software\FlashFXP\3]
- [<HKCU>\Software\FlashFXP\3]
- [<HKCU>\Software\Ghisler\Total Commander]
- [<HKLM>\Software\Ghisler\Total Commander]
- %TEMP%\287312.bat
- 'www.br###und.net':80
- 'ca###eetz.com':80
- www.br###und.net/wtstats.php
- ca###eetz.com/wtstats.php
- DNS ASK www.br###und.net
- DNS ASK ca###eetz.com