Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'dmutsapi' = '%APPDATA%\corppres\aaaanfig.exe' (параметр в ключе Run: указанный файл запускается при каждом входе этого пользователя в систему)
- '<SYSTEM32>\cmd.exe' /C "echo -------- >> %TEMP%\7A0F.bi1"
- '<SYSTEM32>\nslookup.exe' myip.opendns.com resolver1.opendns.com (запрос внешнего IP-адреса машины через резолвер OpenDNS)
- '<SYSTEM32>\cmd.exe' /C "echo -------- >> %TEMP%\872F.bi1"
- '<SYSTEM32>\cmd.exe' /C "nslookup myip.opendns.com resolver1.opendns.com > %TEMP%\872F.bi1"
- '<SYSTEM32>\cmd.exe' /C ""%APPDATA%\corppres\aaaanfig.exe" "<Полный путь к вирусу>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1836\30.bat" "%APPDATA%\corppres\aaaanfig.exe" "<Полный путь к вирусу>""
- '<SYSTEM32>\cmd.exe' /C "nslookup myip.opendns.com resolver1.opendns.com > %TEMP%\7A0F.bi1"
- '%APPDATA%\corppres\aaaanfig.exe' "<Полный путь к вирусу>"
- %WINDIR%\Explorer.EXE
- opera.exe
- %TEMP%\7A0F.bi1
- %TEMP%\872F.bi1
- %APPDATA%\corppres\aaaanfig.exe
- %TEMP%\1836\30.bat
- %TEMP%\872F.bi1
- %TEMP%\7A0F.bi1
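- 'sd##comm.at':80 (символы «#» в именах узлов здесь и ниже скрывают часть имени — ср. 're#####r1.opendns.com' и resolver1.opendns.com выше, — поэтому эти строки нельзя использовать как точные индикаторы)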
- 're#####r1.opendns.com':53
- 'localhost':1036
- 'st###control.it':80
- http://sd##comm.at/statfiles/pz/tr.so
- http://st###control.it/connectors/element/simages/tr.so
- DNS ASK re#####r1.opendns.com
- DNS ASK cy##on.at
- DNS ASK st###control.it
- DNS ASK sd##comm.at
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'ProgMan' WindowName: ''