Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '68707735' = '%ALLUSERSPROFILE%\Application Data\68707735\68707735.exe'
- %ALLUSERSPROFILE%\Application Data\68707735\68707735.exe Data\68707735\68707735.exe /install
- <SYSTEM32>\taskkill.exe /im <Имя вируса>.exe /f
- <SYSTEM32>\cmd.exe /c ""%ALLUSERSPROFILE%\Application Data\68707735\68707735.bat" "
- %ALLUSERSPROFILE%\Application Data\68707735\68707735.bat
- %ALLUSERSPROFILE%\Application Data\68707735\68707735.exe
- 'an####rusread.com':80
- an####rusread.com/in.php?af###############
- DNS ASK an####rusread.com
- ClassName: '' WindowName: ''