Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Media' = '<SYSTEM32>\WmInit.exe'
- '<SYSTEM32>\WmInit.exe' "<Полный путь к вирусу>"
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- <SYSTEM32>\WmInit.exe
- <SYSTEM32>\WmInit.dat
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- '17#.#1.106.215':35103
- 'un####k8599.info':35105
- '17#.#1.106.215':35105
- '17#.#1.106.215':35100
- '17#.#1.106.215':35107
- '17#.#1.106.215':35108
- '17#.#1.106.215':35106
- 'bl###3331.org':35104
- DNS ASK un####k8599.info
- DNS ASK bl###3331.org