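Техническая информация
Примечание: заголовки разделов в этом списке, по-видимому, не сохранились. По содержимому строк различимы: записи автозапуска в реестре (ключи Run и RunServices), строки, похожие на командные строки запускаемых процессов, пути к файлам (какие из них создаются, изменяются или удаляются, из списка не видно; часть путей повторяется), сетевые адреса с портом 6667 (традиционно используется протоколом IRC) и DNS-запрос, а также имя класса окна. Символы «#» в адресах — маскировка, присутствующая в исходном тексте.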
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'Windows Mode Verifying' = 'doomscock.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Mode Verifying' = 'doomscock.exe'
- <SYSTEM32>\doomscock.exe 316 "<Полный путь к вирусу>"
- <SYSTEM32>\cmd.exe /c c:\a.bat
- <SYSTEM32>\drwtsn32.exe
- %TEMP%\Temporary Internet Files\Content.IE5\MN0P29A5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\8JF7XVVV\desktop.ini
- %TEMP%\History\History.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\U5G8943O\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\25AJQHQN\desktop.ini
- %TEMP%\1.reg
- C:\a.bat
- %TEMP%\Temporary Internet Files\Content.IE5\desktop.ini
- <SYSTEM32>\doomscock.exe
- %TEMP%\Temporary Internet Files\Content.IE5\MN0P29A5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\U5G8943O\desktop.ini
- %TEMP%\History\History.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\8JF7XVVV\desktop.ini
- <SYSTEM32>\doomscock.exe
- %TEMP%\Temporary Internet Files\Content.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\25AJQHQN\desktop.ini
- '25#.#55.255.255':6667
- 'le##.###rocksnpepsi.info':6667
- DNS ASK le##.###rocksnpepsi.info
- ClassName: 'mIRC' WindowName: ''