Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{ABC6B2B2-FC9C-96FA-D94D-EDB1CD810C3F}] 'StubPath' = '%WINDIR%\msconketfil.exe'
- [<HKLM>\SOFTWARE\Classes\My20130401.Document\shell\open\command] '' = '<Полный путь к вирусу> /dde'
- %WINDIR%\msconketfil.exe
- 'sc###.exprenum.com':80
- 'sc###.exprenum.com':443
- DNS ASK sc###.exprenum.com