Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'services' = '%WINDIR%\services.exe'
- Центр обеспечения безопасности (Security Center)
- '%WINDIR%\services.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram %WINDIR%\services.exe allowed ENABLE
- '<SYSTEM32>\netsh.exe' firewall set opmode DISABLE
- '<SYSTEM32>\cmd.exe' /c "adobe.bat"
- '<SYSTEM32>\cmd.exe' /c "file.bat"
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram <Полный путь к вирусу> allowed ENABLE
- %WINDIR%\adobe.bat
- %WINDIR%\services.exe
- %WINDIR%\file.bat
- %WINDIR%\services.exe
- 'ma##.aol.com':25
- '74.##5.232.51':25
- '67.##5.160.76':25
- '66.##2.109.178':80
- 'ma##.#otmail.com':25
- 66.##2.109.178 http://66.232.109.178/spm/s_tasks.php?id########################
- DNS ASK google.com
- DNS ASK ma##.aol.com
- DNS ASK ma##.com
- DNS ASK ma##.google.com
- DNS ASK ao#.com
- DNS ASK ma##.#otmail.com
- DNS ASK ho##ail.com
- DNS ASK ma##.yahoo.com
- DNS ASK ya##o.com