Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'WindowsUpdate' = '%APPDATA%\Microsoft\Windows\svchost.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\Microsoft\Windows\svchost.exe' = '%APPDATA%\Microsoft\Windows\svchost.exe:*:Enabled:Microsoft Windows Update'
- '%APPDATA%\Microsoft\Windows\svchost.exe' "<Полный путь к вирусу>"
- '<SYSTEM32>\net1.exe' stop wscsvc
- '<SYSTEM32>\net1.exe' stop MpsSvc
- '<SYSTEM32>\sc.exe' config mpssvc start=Disabled
- '<SYSTEM32>\net.exe' stop wscsvc
- '<SYSTEM32>\net.exe' stop MpsSvc
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\cp[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\cp[1].htm
- %APPDATA%\Microsoft\Windows\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cp[1].htm
- 'ri####maimi29.com':80
- 'hf####fdsfhj3.com':80
- '62.##.42.184':80
- DNS ASK ri####maimi29.com
- DNS ASK hf####fdsfhj3.com