Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winip' = 'C:\SystemRot\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Sys' = '%WINDIR%\sys.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- '%WINDIR%\sys.exe'
- '%TEMP%\si.exe'
- '%TEMP%\ie.exe'
- '<SYSTEM32>\cmd.exe' /c ""C:\SystemRot\1.bat" "
- '<SYSTEM32>\net1.exe' stop MpsSvc
- '<SYSTEM32>\net1.exe' start "C:\SystemRot\svchost.exe"
- '<SYSTEM32>\schtasks.exe' /create /tn "svchost" /tr %WINDIR%\svchost.exe /sc onlogon /ru "System" /f
- '<SYSTEM32>\net.exe' stop wscsvc
- '<SYSTEM32>\netsh.exe' firewall set opmode mode=disable
- '<SYSTEM32>\net1.exe' stop wscsvc
- '<SYSTEM32>\net.exe' stop MpsSvc
- %WINDIR%\sys.exe
- C:\SystemRot\1.bat
- %TEMP%\ie.exe
- %TEMP%\si.exe
- C:\SystemRot\1.bat
- '93.##8.134.11':25
- '2i#.ru':80
- 2i#.ru/
- DNS ASK sm##.yandex.ru
- DNS ASK 2i#.ru