Техническая информация
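Автозапуск — изменяет следующие значения реестра:
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{AE66B0BD-FB90-43b2-B243-AFF2C8FAA602}] 'stubpath' = '<SYSTEM32>\regsvr32.exe /s <SYSTEM32>\wwansvcs.dll'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'ctfmons' = 'rundll32.exe "<SYSTEM32>\wwansvcs.dll",SetInputScope'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ctfmons' = 'rundll32.exe "<SYSTEM32>\wwansvcs.dll",SetInputScope'
- Примечание: имя значения 'ctfmons' похоже на имя штатного компонента Windows ctfmon.exe, поэтому при проверке нужно смотреть на данные значения (путь к wwansvcs.dll), а не только на его имя.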
Запускает на исполнение:
- '<SYSTEM32>\systeminfo.exe'
- '<SYSTEM32>\ipconfig.exe' /all
- '<SYSTEM32>\tasklist.exe' /v
- '<SYSTEM32>\ping.exe' 127.1
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\wwansvcs.dll"
- '<SYSTEM32>\rundll32.exe' "<SYSTEM32>\wwansvcs.dll",SetInputScope
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\wstiuau~.bat" "<Полный путь к вирусу>""
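Изменения в файловой системе — затронутые файлы (часть имён ниже повторяется; по-видимому, список был разбит по типам операций, но подписи групп не сохранились):
- <SYSTEM32>\wcdfam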
- <SYSTEM32>\wmkbpf_2
- <SYSTEM32>\wcdfam_2
- <SYSTEM32>\wcdfam_1
- <SYSTEM32>\wmkbpf_1
- <SYSTEM32>\wwansvcs.tmp
- <SYSTEM32>\wmkbpf
- <Текущая директория>\wstiuau~.bat
- <SYSTEM32>\wcdfam
- <SYSTEM32>\wcdfam_1
- <SYSTEM32>\wcdfam_2
- <SYSTEM32>\wmkbpf
- <SYSTEM32>\wmkbpf_1
- <SYSTEM32>\wmkbpf_2
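- из <SYSTEM32>\wwansvcs.tmp в <SYSTEM32>\wwansvcs.dll (эта же библиотека wwansvcs.dll указана выше в записях автозапуска и в командах regsvr32 и rundll32)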
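Сетевая активность (символы ### заменяют скрытую часть имени узла, поэтому для точного сопоставления этот индикатор неполон):
- 'lo###.ohbah.com':80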
- 'localhost':1039
- DNS ASK lo###.ohbah.com
Другое — окна (класс и заголовок):
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''