Техническая информация
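- Запись в списке разрешённых приложений брандмауэра Windows (исключение для файла вируса под именем «MP3 Converter»): [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Полный путь к вирусу>' = '<Полный путь к вирусу>:*:Enabled:MP3 Converter'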
- %TEMP%\is799009782\949666361.cfg
- %TEMP%\is799009782\607685322.cfg
- %TEMP%\is799009782\1267641416.cfg
- %TEMP%\is799009782\1383550791.cfg
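Сетевые узлы и порты (символы «#» в именах, по-видимому, скрывают часть домена, поэтому для точного сопоставления индикаторов пригодны только открытые части имён):
- 'eu####.nbeshine.com':80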
- 'sd###adsa.com':80
- 'go###.wakechao.com':80
- 'kh###hkj.com':80
- 'us####.nbeshine.com':80
URL-адреса на этих узлах:
- eu####.nbeshine.com/Bund/Babylon/Babylon8_setup_15627.cis
- sd###adsa.com/
- go###.wakechao.com/vscript/utils/IP2CC.psc
- kh###hkj.com/
- us####.nbeshine.com/Bund/Babylon/Babylon8_setup_15627.cis
- go###.wakechao.com/vscript/vercheck.psc?pc#############
- go###.wakechao.com/vscript/vercheck.psc?pc############
DNS-запросы для тех же узлов:
- DNS ASK eu####.nbeshine.com
- DNS ASK sd###adsa.com
- DNS ASK go###.wakechao.com
- DNS ASK kh###hkj.com
- DNS ASK us####.nbeshine.com
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)