Техническая информация
- Автозапуск через реестр: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'SystemService' = '%TEMP%\svchost.exe'
- Добавление в список разрешённых приложений брандмауэра Windows: [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] 'SystemService' = '%TEMP%\svchost.exe:*:Enabled:svchost'
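- '%TEMP%\svchost.exe' (имя совпадает с именем системного процесса svchost.exe, штатно расположенного в <SYSTEM32>, а не в %TEMP%)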
- '<SYSTEM32>\reg.exe' ADD HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /V "SystemService" /D "%TEMP%\svchost.exe:*:Enabled:svchost" /f
- '<SYSTEM32>\reg.exe' ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run /V "SystemService" /D "%TEMP%\svchost.exe" /f
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\Systems.bat" "
- %TEMP%\Lsd.dll
- %TEMP%\WinSocks.sw
- %TEMP%\Systems.bat
- %TEMP%\svchost.exe
- %TEMP%\Lsd.dll
- Соединение: 'kt#t.ru':80
- URL запроса: kt#t.ru/1/getcmd.php?id####################
- DNS-запрос: DNS ASK kt#t.ru