Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'msiexec.exe' = '<Полный путь к вирусу>'
- %TEMP%\is-70B1C.tmp\KMSpico_setup.tmp /SL5="$200EC,995474,419840,%TEMP%\KMSpico\KMSpico_setup.exe" /PASSWORD=B478B478c0f8d9FA4OR4Vy6rJRMFdDT81vRL98gyea3oSNFgPFhArZ1i4sd2Sz5zY5e159LQjvPBDPRKCg2CUDxtZTUXNXjbL3BQmjN9dx2OBQUa0GYKotyLjPG4ORJaABKCJXbXm51fmuArZ1i4sd2Sz5zY5e159LQj
- %TEMP%\KMSpico\KMSpico_setup.exe /PASSWORD=B478B478c0f8d9FA4OR4Vy6rJRMFdDT81vRL98gyea3oSNFgPFhArZ1i4sd2Sz5zY5e159LQjvPBDPRKCg2CUDxtZTUXNXjbL3BQmjN9dx2OBQUa0GYKotyLjPG4ORJaABKCJXbXm51fmuArZ1i4sd2Sz5zY5e159LQj
- %TEMP%\KMSpico_Install_v4.1.exe
- ICQ.exe
- %TEMP%\is-I9GSC.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-I9GSC.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-I9GSC.tmp\_isetup\_iscrypt.dll
- %TEMP%\is-70B1C.tmp\KMSpico_setup.tmp
- %TEMP%\KMSpico_Install_v4.1.exe
- %APPDATA%\CRNJEUFU - 764.txt
- %TEMP%\KMSpico\KMSpico_setup.exe
- 'ft####b.ohost.de':21
- 'wp#d':80
- wp#d/wpad.dat
- DNS ASK ft####b.ohost.de
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''