Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\a6e60589.lnk
- [<HKLM>\System\CurrentControlSet\Services\aGnN45] 'Start' = '00000000' (значение 0 — драйвер загружается на этапе boot, ср. «start= boot» в команде sc.exe create ниже)
- [<HKLM>\System\CurrentControlSet\Services\aGnN45] 'ImagePath' = 'system32\drivers\a8dd1d70.sys'
- Подавляет уведомления компонента: Центр обеспечения безопасности (Security Center) — см. ниже параметр AntiVirusDisableNotify
- %TEMP%\c913194b
- %TEMP%\893b62ec.bat
- <DRIVERS>\a8dd1d70.sys
- %WINDIR%\temp\uddaf1e.tmp
- %TEMP%\c913194b
- %WINDIR%\temp\uddaf1e.tmp
- DNS ASK a.###d4zvz.com
- '<SYSTEM32>\cmd.exe' /C "%TEMP%\893b62ec.bat" (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /C "%TEMP%\893b62ec.bat"
- '<SYSTEM32>\sc.exe' stop aGnN45
- '<SYSTEM32>\sc.exe' delete aGnN45
- '<SYSTEM32>\sc.exe' create aGnN45 type= kernel start= boot error= normal binPath= "<DRIVERS>\a8dd1d70.sys"
- '<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Microsoft\Security Center" /v AntiVirusDisableNotify /t REG_DWORD /d 1 /f
- '<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v DisableNotificationCenter /t REG_DWORD /d 1 /f
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 2 -w 1000
- '<SYSTEM32>\cmd.exe' /C del "%TEMP%\893b62ec.bat"