Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\RPCAXS] 'ImagePath' = '<SYSTEM32>\SPOOLSVC.EXE'
- [<HKLM>\SYSTEM\ControlSet001\Services\RPCAXS] 'Start' = '00000002'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\\r.bat <Полный путь к вирусу>
- '<SYSTEM32>\SPOOLSVC.EXE'
- %TEMP%\r.bat
- <SYSTEM32>\SPOOLSVC.EXE
- 'ir#.#fnet.pl':6667
- 'ir#.he.net':6667
- '65.#7.234.3':6667
- 'ir#.#axnet.no':6667
- 'ir#.#oxlink.net':6667
- 'ir#.dks.ca':6667
- 'ir#.#ecsup.org':6667
- DNS ASK ir#.#axnet.no
- DNS ASK ir#.#fnet.pl
- DNS ASK ir#.he.net
- DNS ASK ir#.#oxlink.net
- DNS ASK ir#.dks.ca
- DNS ASK ir#.#ecsup.org