Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Sysins' = '"%PROGRAM_FILES%\Microsoft System\Sysins.exe"' — значение в ключе Run: файл запускается автоматически при входе пользователя в систему
- [<HKLM>\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\Microsoft System\Sysins.exe' = '%PROGRAM_FILES%\Microsoft System\Sysins.exe:*:Enabled:Sysins' — файл внесён в список разрешённых приложений брандмауэра Windows (профиль StandardProfile)
- '%PROGRAM_FILES%\Microsoft System\Sysins.exe'
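- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="System Thread" protocol=TCP dir=in action=allow — правило не ограничено ни программой, ни портом, то есть разрешает любые входящие TCP-подключения; при проверке системы стоит искать правило брандмауэра с именем «System Thread»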
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%PROGRAM_FILES%\microsoft system\sysins.exe"
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%PROGRAM_FILES%\Microsoft System\Sysins.exe" "Sysins" ENABLE
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\Kill.bat" "
- '<SYSTEM32>\attrib.exe' "<Полный путь к вирусу>" -h -r -s
- %PROGRAM_FILES%\Microsoft System\Sysins.exe
- <Текущая директория>\Kill.bat
- <SYSTEM32>\MSWINSCK.ocx
- %PROGRAM_FILES%\Microsoft System\Sysins.exe
- %TEMP%\~DF934D10CEE9F0E3FB.TMP
- DNS ASK pd###.egloos.com (DNS-запрос; символы «#» здесь и в следующих строках, по-видимому, скрывают часть имени домена)
- DNS ASK na####ts.zapto.org
- DNS ASK up#####ii.tistory.com
- DNS ASK dn#.##ftncsi.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'