Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\ZJO42DWKTE] 'Start' = '00000002'
- C:\2.exe MNQEVQUKIHRUEC
- <SYSTEM32>\regsvr32.exe /u /s msvidctl.dll
- <SYSTEM32>\regsvr32.exe /u /s vbscript.dll
- <SYSTEM32>\cmd.exe /c c:\2.bat
- %PROGRAM_FILES%\EQKXYF5\GZAZH.exe
- %PROGRAM_FILES%\EQKXYF5\U5NOMWNE.exe
- %WINDIR%\MNQEVQUKIHRUEC.txt
- C:\2.exe
- C:\2.bat
- %PROGRAM_FILES%\EQKXYF5\U5NOMWNE.exe
- %PROGRAM_FILES%\EQKXYF5\GZAZH.exe
- <Full path to the virus>
- '66.##.187.31':443
- '22#.73.10.1':443
- ClassName: 'MNQEVQUKIHRUEC' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MNQEVQUKIHRUEC' WindowName: 'uybbcteimf'