Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Полный путь к вирусу>' = '<Полный путь к вирусу>:*:Enabled:PDF Creator'
- [<HKLM>\SOFTWARE\Microsoft\MSNMessenger]
- %TEMP%\is799009782\2112242300.cfg
- %TEMP%\is799009782\1922716586.cfg
- %TEMP%\is799009782\662657193.cfg
- 'us####.awsdata.com':80
- 'cv.##eckver.org':80
- cv.##eckver.org/vscript/utils/IP2CC.psc
- us####.awsdata.com/Prod/CCPDFConverter1.1.CIS
- us####.awsdata.com/Bund/AInstaller.CIS
- us####.awsdata.com/Bund/Babylon/Babylon8_sq_14542.cis
- cv.##eckver.org/vscript/vercheck.psc?pc############
- cv.##eckver.org/vscript/vercheck.psc?pc#############
- DNS ASK us####.awsdata.com
- DNS ASK cv.##eckver.org
- ClassName: 'Shell_TrayWnd' WindowName: ''