Техническая информация
- Параметр реестра профиля брандмауэра Windows (значение 0 — исключения разрешены): [<HKLM>\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- '<SYSTEM32>\netsh.exe' firewall set opmode enable
- '<SYSTEM32>\RunLegacyCPLElevated.exe' Shell32.dll,Control_RunDLL "<Полный путь к вирусу>" wCreIMfaIyporCO0p5LWZezQNOxAQg15578TTKe14UsZdS2
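- '<SYSTEM32>\rundll32.exe' shell32.dll,Control_RunDLL "<Полный путь к вирусу>" (файл загружается через точку входа Control_RunDLL, то есть как апплет панели управления; при разборе журналов создания процессов стоит обращать внимание на такой вызов с путём вне системных каталогов)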
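- '20#.#8.128.127':1433 (1433 — порт по умолчанию для MS SQL Server; символы '#' здесь и в именах узлов ниже, по-видимому, заменяют скрытые символы, поэтому эти значения нельзя использовать как точные индикаторы без уточнения)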
- 'en#######74.jelasticlw.com.br':80
- DNS ASK dn#.##ftncsi.com
- DNS ASK en#######74.jelasticlw.com.br
- ClassName: 'MS_WINHELP' WindowName: ''