Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AIUpdateService' = '"%ProgramFiles%\Microsoft Data\<Virus name>.exe" /reinstall=1'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'amigo' = ''
- %TEMP%\Folder_Data_RC_ADDS\xml\op_wid.xml
- %TEMP%\Folder_Data_RC_ADDS\js\chr_pref.json
- %TEMP%\Folder_Data_RC_ADDS\xml\task.xml
- %APPDATA%\0000000000000
- %TEMP%\Folder_Data_RC_ADDS\xml\op_data.xml
- %TEMP%\Folder_Data_RC_ADDS\adds\addon.xpi
- %ProgramFiles%\Microsoft Data\<Virus name>.exe
- %TEMP%\Folder_Data_RC_ADDS\adds\addon.crx
- %TEMP%\Folder_Data_RC_ADDS\js\ff_set.json
- %TEMP%\Folder_Data_RC_ADDS\adds\addon.oex
- 'xs###ligat.ru':80
- http://xs###ligat.ru/installLog.php?sc###########################################################################################################################################################...
- DNS ASK xs###ligat.ru
- ClassName: 'Indicator' WindowName: ''