Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'sycon3' = '%APPDATA%\sycon3.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\sycon] 'Start' = '00000002'
- '%APPDATA%\sycon3.exe' delete "<Полный путь к вирусу>"
- '%APPDATA%\sycon3.exe' service
- %APPDATA%\sycon3.exe
- 'ir#.#usfur.net':6667
- DNS ASK ir#.#usfur.net
- ClassName: 'Indicator' WindowName: '(null)'