Техническая информация
- [<HKLM>\SOFTWARE\Classes\PROTOCOLS\Handler\res] 'CLSID' = '{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}'
- [<HKLM>\SOFTWARE\Classes\PROTOCOLS\Handler\mailto] 'CLSID' = '{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}'
- [<HKLM>\SOFTWARE\Classes\PROTOCOLS\Handler\sysimage] 'CLSID' = '{76E67A63-06E9-11D2-A840-006008059382}'
- [<HKLM>\SOFTWARE\Classes\PROTOCOLS\Handler\javascript] 'CLSID' = '{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}'
- [<HKLM>\SOFTWARE\Classes\PROTOCOLS\Handler\vbscript] 'CLSID' = '{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}'
- [<HKLM>\SOFTWARE\Classes\PROTOCOLS\Handler\about] 'CLSID' = '{3050F406-98B5-11CF-BB82-00AA00BDCE0B}'
- '<SYSTEM32>\regsvr32.exe' Oleaut32.dll /s
- '<SYSTEM32>\regsvr32.exe' Actxprxy.dll /s
- '<SYSTEM32>\regsvr32.exe' Mshtml.dll /s
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\winsock.bat" "
- '<SYSTEM32>\regsvr32.exe' Shdocvw.dll /s
- '<SYSTEM32>\cmd.exe' /c "<Имя вируса>.exe_And DeleteMe.bat"
- <Полный путь к вирусу>_And DeleteMe.bat
- %TEMP%\RGI2.tmp
- %TEMP%\RGI3.tmp
- <SYSTEM32>\wxljbczrqnz.exe
- %WINDIR%\winsock.bat
- %WINDIR%\Temp\fycf.mod
- %TEMP%\RGI1.tmp
- <SYSTEM32>\wxljbczrqnz.exe
- %TEMP%\RGI2.tmp
- %TEMP%\RGI3.tmp
- %TEMP%\RGI1.tmp
- <Полный путь к вирусу>_And DeleteMe.bat
- 'localhost':1038
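- '22#.#16.231.73':7101 (символы «#», по-видимому, скрывают часть IP-адреса в исходном описании; запись не является полным адресом)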