Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{517B012G-714V-E234-XHA6-21C3DB6R72I0}] 'StubPath' = '%CommonProgramFiles%\windows.exe Restart'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'windows' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'windows' = ''
- %CommonProgramFiles%\logs.dat
- %CommonProgramFiles%\windows.exe
- %CommonProgramFiles%\logs.dat
- %CommonProgramFiles%\windows.exe
- <Полный путь к вирусу>
- '??.##caldomain':81
- 'ro##.3322.org':81
- DNS ASK ro##.3322.org
- ClassName: 'Indicator' WindowName: ''