Техническая информация
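Записи ниже относятся к отключению брандмауэра Windows: значение 'EnableFirewall' = '00000000' в профиле StandardProfile и команда netsh с параметром «opmode disable».
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'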
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- '<SYSTEM32>\netsh.exe' firewall set opmode disable
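Имена файлов ниже содержат не-ASCII-символы; вероятно, они показаны в кодовой странице системы, на которой проводился анализ, и в другой локали могут выглядеть иначе. Поэтому при поиске надёжнее опираться на каталог %TEMP%\aIg\ и расширения, а не на точное совпадение имени.
- %TEMP%\aIg\¶уАО.bmp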
- %TEMP%\aIg\їЎ±Г.png
- %TEMP%\aIg\·О±ЧАО2.bmp
- %TEMP%\aIg\·О±ЧАО.bmp
- %TEMP%\aIg\·О±ЧАО1.bmp
- 'www.??###???.com':80
- 'localhost':1040
- 'ss####.dothome.co.kr':80
- www.??###???.com/
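- ss####.dothome.co.kr/%D1%97%D0%8E%C2%B1%D0%93/S-SERVER.txt (сегмент пути %D1%97%D0%8E%C2%B1%D0%93 — это закодированные в UTF-8 символы «їЎ±Г», те же, что в имени файла %TEMP%\aIg\їЎ±Г.png)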
- ss####.dothome.co.kr/???##########
- DNS ASK www.їў##com
- DNS ASK ss####.dothome.co.kr
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'AutoHotkey' WindowName: '<Полный путь к вирусу>'
- ClassName: '#32771' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''