Техническая информация
Записи реестра служб (значение 'Start' = 2 соответствует автоматическому запуску службы при загрузке системы):
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Audio Server] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Audio Server] 'ImagePath' = '<Полный путь к вирусу>'
- [<HKLM>\SYSTEM\ControlSet001\Services\RavCpl64] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\RavCpl64] 'ImagePath' = '%WINDIR%\wwmiwy.exe'
- '<SYSTEM32>\cmd.exe' /c del <Текущая директория>\ws_32.exe > nul
- '%WINDIR%\wwmiwy.exe'
- '<Текущая директория>\ws_32.exe'
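Классы окон утилит мониторинга Filemon и Regmon (Sysinternals); вероятно, поиск этих окон служит для обнаружения средств анализа:
- ClassName: 'Filemonclass' WindowName: ''
- ClassName: 'Regmonclass' WindowName: ''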
- %WINDIR%\wwmiwy.exe
- \Device\LanmanRedirector\WORKGROUP*\MAILSLOT\NET\NETLOGON
- <Текущая директория>\AutoUpdate.exe
- <Текущая директория>\ws_32.exe
- <Текущая директория>\ws_32.exe
- '<L####NET_GATEWAY>':80
- '<L####NET_GATEWAY>':139
- 'ht##.eicp.net':10991
- 'www.cq##ol.cn':80
- '<L####NET_GATEWAY>':445
- http://www.cq##ol.cn/gm/ddos.txt
- http://www.cq##ol.cn/gm/switch.txt
- DNS ASK ht##.eicp.net
- DNS ASK www.cq##ol.cn
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: '4823-00000029' WindowName: ''
- ClassName: '18467-41' WindowName: ''