Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Adobe Reader Quick Launcher' = '"\BootAgent.exe" /run'
- <Полный путь к вирусу>
- %TEMP%\RealTeck.zip
- %TEMP%\RealLan.zip
- %TEMP%\BootAgent.zip
- %TEMP%\RealAdapter.zip
- %TEMP%\RealLan.zip
- %TEMP%\RealTeck.zip
- %TEMP%\RealAdapter.zip
- 'ha#####00.cafe24.com':80
- ha#####00.cafe24.com/cc/RealTeck.zip
- ha#####00.cafe24.com/cc/RealLan.zip
- ha#####00.cafe24.com/cc/BootAgent.zip
- ha#####00.cafe24.com/cc/RealAdapter.zip
- DNS ASK ha#####00.cafe24.com
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'TFmMSAgent' WindowName: '___'