Техническая информация
- Автозапуск: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = 'C:\System Volume Information\Control.exe' (имя параметра пустое)
- 'C:\System Volume Information\Control.exe' <Полный путь к вирусу>
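- '<SYSTEM32>\cacls.exe' "C:\System Volume Information" /E /R %USERNAME% (правка ACL каталога: отзыв прав текущего пользователя)
- '<SYSTEM32>\cacls.exe' "C:\System Volume Information" /E /G %USERNAME%:F (правка ACL каталога: выдача текущему пользователю полного доступа; по умолчанию доступ к этому каталогу есть только у SYSTEM, поэтому запуск cacls.exe для него — заметный признак для обнаружения)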
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\MZђ[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\data[1].php
- C:\System Volume Information\Control.exe
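- 'www.up.##radura.us':80 (здесь и ниже символы #, по-видимому, маскируют часть имени узла и не являются буквальной частью индикатора)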
- 'ge###tool.com':80
- 'localhost':1035
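- www.up.##radura.us/view/fondo/MZ? (последний символ пути, по-видимому, непечатаемый: в имени файла из кэша Content.IE5 выше он отображён как «ђ»)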
- ge###tool.com/data.php
- DNS ASK www.up.##radura.us
- DNS ASK ge###tool.com