Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{BD7F83B9-6139-7672-DF0A-35009C2FA3FD}] 'StubPath' = '%WINDIR%:mswinchite.exe'
- [<HKLM>\SOFTWARE\Classes\My20130401.Document\shell\open\command] '' = '<Полный путь к вирусу> /dde'
- %WINDIR%:mswinchite.exe
- 'ne##.#00fanwen.com':80
- 'ne##.#00fanwen.com':443
- DNS ASK ne##.#00fanwen.com