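Техническая информация
Примечание: символы «#» в именах узлов и адресах ниже, судя по всему, заменяют скрытые символы, поэтому такие значения подходят только для сопоставления по шаблону, а не для точного совпадения.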
- '%TEMP%\svdc_support.exe'
- '%TEMP%\svdc_driver.exe'
- '<SYSTEM32>\cmd.exe' /c echo [zoneTransfer]ZoneID = 2 > "%TEMP%\svdc_support.exe":ZONE.identifier & exit
- '<SYSTEM32>\cmd.exe' /c echo [zoneTransfer]ZoneID = 2 > "%TEMP%\svdc_driver.exe":ZONE.identifier & exit
- '<SYSTEM32>\cmd.exe' /c echo [zoneTransfer]ZoneID = 2 > "<Полный путь к вирусу>":ZONE.identifier & exit
- [<HKCU>\Software\Valve\Steam]
- %TEMP%\AllPasswords.html
- %TEMP%\System.Data.SQLite.dll
- %TEMP%\DotNetZip-ka3g3d5q.tmp
- %TEMP%\Ionic.Zip.dll
- %TEMP%\svdc_support.exe:ZONE.identifier
- %TEMP%\svdc_driver.exe
- <Полный путь к вирусу>:ZONE.identifier
- %TEMP%\svdc_driver.exe:ZONE.identifier
- %TEMP%\svdc_support.exe
- из %TEMP%\DotNetZip-ka3g3d5q.tmp в %TEMP%\GrabbedTxtFiles.zip
- 'ji####8-0.myjino.ru':80
- '2i#.ru':80
- 'wp#d':80
- http://2i#.ru/
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK ji####8-0.myjino.ru
- DNS ASK 2i#.ru
- DNS ASK wp#d