Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'NvCplClient' = '<SYSTEM32>\nvcplclnt.exe'
- '<SYSTEM32>\nvcplclnt.exe' -d "<Полный путь к вирусу>"
- <SYSTEM32>\nvcplclnt.exe
- <SYSTEM32>\nvcplclnt.exe
- 'www.bo##ova.com':80
- 'bo###va.8m.com':80
- 'www.lo###base.com':80
- '25#.#55.255.255':1
- bo###va.8m.com/noip.txt
- www.bo##ova.com/noip.txt
- www.lo###base.com/noip.txt
- DNS ASK bo###va.8m.com
- DNS ASK www.bo##ova.com
- DNS ASK www.lo###base.com