Техническая информация
- [<HKLM>\SOFTWARE\Classes\txfile\shell\open\command] '' = '%PROGRAM_FILES%\XFNTC\winlog.exe %1'
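- %HOMEPATH%\Start Menu\Programs\Startup\z0800.tx (файл в папке автозагрузки; судя по ассоциации txfile → winlog.exe в реестре и запуску 'winlog.exe' z0800.tx, он, по-видимому, служит для автозапуска winlog.exe при входе пользователя)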
- '%PROGRAM_FILES%\XFNTC\winlog.exe' z0800.tx
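- '%PROGRAM_FILES%\XFNTC\winlog.exe' Йѕ<Полный путь к вирусу> (символы «Йѕ» — байты C9 BE, показанные в кодировке Windows-1251; в GBK это, вероятно, иероглиф «删» — «удалить»)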
- %PROGRAM_FILES%\XFNTC\winlog0.txt
- %PROGRAM_FILES%\XFNTC\ipc
- %PROGRAM_FILES%\XFNTC\winlog.exe
- %WINDIR%\win32.btl
- %PROGRAM_FILES%\XFNTC\winlog.chm
- %PROGRAM_FILES%\XFNTC\ipc
- 'localhost':1042
- 'localhost':1044
- 'localhost':1046
- 'localhost':1037
- 'yo##6.com':80
- 'localhost':1040
- http://yo##6.com/kfkfkf36/ididid36/90089/ip.txt
- DNS ASK yo##6.com
- ClassName: 'TForm1' WindowName: 'netgodc'
- ClassName: 'MS_WINHELP' WindowName: ''