Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Update Agent' = '"<Полный путь к вирусу>"'
- '<SYSTEM32>\wbem\wmic.exe' os get caption
- %TEMP%\tmp3.tmp
- <SYSTEM32>\wbem\AutoRecover\23BDE61F1F4FACE17E9B0C01F2A1FD9B.mof
- <SYSTEM32>\wbem\AutoRecover\C8463ECBE33BC240263A0B094E46D510.mof
- %TEMP%\tmp1.tmp
- %TEMP%\tmp2.tmp
- %TEMP%\tmp3.tmp
- %TEMP%\tmp2.tmp
- %TEMP%\tmp1.tmp
- 'ki####.zapto.org':7779
- DNS ASK ki####.zapto.org
- ClassName: '(null)' WindowName: 'System Configuration'
- ClassName: '(null)' WindowName: 'System Configuration Utility'
- ClassName: '(null)' WindowName: 'Autoruns [CRNJEUFU\%USERNAME%] - Sysinternals: www.sysinternals.com'
- ClassName: '(null)' WindowName: 'Utilitaire de configuration système'
- ClassName: '(null)' WindowName: 'Éditeur du Registre'
- ClassName: '(null)' WindowName: 'Registry Editor'
- ClassName: '(null)' WindowName: 'Configuration du système'