Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\943e68563a4bce2] 'ImagePath' = '<DRIVERS>\943e68563a4bce2.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\943e68563a4bce2] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\syshost32] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\1b2e0] 'Start' = '00000001'
- %WINDIR%\Installer\{555ABDE9-AC4A-BB2D-F758-35EECD7B9794}\syshost.exe /service
- NtOpenThread, handler driver: unknown
- NtOpenProcess, handler driver: unknown
- <DRIVERS>\943e68563a4bce2.sys
- <DRIVERS>\1b2e0.sys
- %WINDIR%\Installer\{555ABDE9-AC4A-BB2D-F758-35EECD7B9794}\syshost.exe
- <DRIVERS>\1b2e0.sys
- from <Full path to virus> to %TEMP%\10f3ae14.tmp
- '62.##.229.134':80
- 'fa###ook.com':80
- 62.##.229.134/cgi-bin/auth.cgi
- DNS ASK jl####ytlnxvi.com
- DNS ASK xz####snswfokf.com
- DNS ASK oo###tfbwuq.com
- DNS ASK fa###ook.com
- DNS ASK gg####cbwejyf.com
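The list above is a flat dump in the vendor's report format: service registry values, a process launch, two kernel function hooks, file paths, sockets, a URL and DNS queries, with parts of the network indicators redacted by `#`. As an added example, not code from the original report or from the vendor, the following Python parser turns those lines into typed indicators, decodes the service `Start` values, and separates masked entries from values that are safe for exact matching. It assumes the English line forms shown above (`handler driver:` and `from ... to ...`) and builds its sample from this page's own lines:

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Service 'Start' values as the report prints them (eight hex digits).
START_TYPES = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START",
               3: "DEMAND_START", 4: "DISABLED"}

# Constructed sample: lines copied from the report above; the vendor's '#' masking
# and <PLACEHOLDER> paths are kept exactly as printed.
SAMPLE = r"""
- [<HKLM>\SYSTEM\ControlSet001\Services\943e68563a4bce2] 'ImagePath' = '<DRIVERS>\943e68563a4bce2.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\943e68563a4bce2] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\syshost32] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\1b2e0] 'Start' = '00000001'
- %WINDIR%\Installer\{555ABDE9-AC4A-BB2D-F758-35EECD7B9794}\syshost.exe /service
- NtOpenThread, handler driver: unknown
- <DRIVERS>\1b2e0.sys
- from <Full path to virus> to %TEMP%\10f3ae14.tmp
- '62.##.229.134':80
- 62.##.229.134/cgi-bin/auth.cgi
- DNS ASK jl####ytlnxvi.com
"""

_REG_RE = re.compile(r"^\[(?P<hive><[A-Z]+>|HK[A-Z_]+)\\(?P<key>[^\]]+)\]\s*"
                     r"'(?P<name>[^']*)'\s*=\s*'(?P<data>.*)'$")
_HOOK_RE = re.compile(r"^(?P<func>(?:Nt|Zw)\w+),\s*handler driver:\s*(?P<driver>.+)$")
_DNS_RE = re.compile(r"^DNS ASK\s+(?P<name>\S+)$")
_SOCK_RE = re.compile(r"^'(?P<host>[^']+)':(?P<port>\d+)$")
_COPY_RE = re.compile(r"^from (?P<src>.+) to (?P<dst>.+)$")  # greedy: the placeholder itself contains ' to '
_PROC_RE = re.compile(r"^(?P<image>\S+\.exe)\s+(?P<args>.+)$", re.I)
_URL_RE = re.compile(r"^(?P<host>[^/\s']+)/(?P<path>\S+)$")
_FILE_RE = re.compile(r"\.(?:sys|exe|dll|tmp)$", re.I)


@dataclass
class Indicator:
    kind: str                      # service/registry/hook/dns/socket/copy/process/url/file/other
    value: str                     # the line as printed (without the list dash)
    detail: Dict[str, str] = field(default_factory=dict)
    masked: bool = False           # vendor replaced characters with '#'


def decode_start(data: str) -> str:
    """Map a hex 'Start' value to its SERVICE_* name."""
    return START_TYPES.get(int(data, 16), f"UNKNOWN({data})")


def parse_line(raw: str) -> Indicator:
    line = raw.strip()
    if line.startswith("- "):
        line = line[2:].strip()
    masked = "#" in line
    if (m := _REG_RE.match(line)):
        d = m.groupdict()
        if "\\Services\\" in d["key"]:        # HKLM\SYSTEM\ControlSet*\Services\<name>
            d["service"] = d["key"].rsplit("\\", 1)[-1]
            if d["name"] == "Start":
                d["start_type"] = decode_start(d["data"])
            return Indicator("service", line, d, masked)
        return Indicator("registry", line, d, masked)
    for kind, rx in (("hook", _HOOK_RE), ("dns", _DNS_RE), ("socket", _SOCK_RE),
                     ("copy", _COPY_RE), ("process", _PROC_RE), ("url", _URL_RE)):
        if (m := rx.match(line)):
            return Indicator(kind, line, m.groupdict(), masked)
    if _FILE_RE.search(line):
        return Indicator("file", line, {"path": line}, masked)
    return Indicator("other", line, {}, masked)


def parse_report(text: str) -> List[Indicator]:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def summarize_services(inds: List[Indicator]) -> Dict[str, Dict[str, str]]:
    """Per-service Start type and ImagePath: what loads, and at which stage of boot."""
    out: Dict[str, Dict[str, str]] = {}
    for ind in inds:
        if ind.kind == "service":
            svc = out.setdefault(ind.detail["service"], {})
            if ind.detail["name"] == "Start":
                svc["start_type"] = ind.detail["start_type"]
            elif ind.detail["name"] == "ImagePath":
                svc["image_path"] = ind.detail["data"]
    return out


def exact_match_iocs(inds: List[Indicator]) -> List[Tuple[str, str]]:
    """Network/file indicators usable for exact matching; masked ones are patterns, not values."""
    out: List[Tuple[str, str]] = []
    for ind in inds:
        if ind.masked or ind.kind not in ("dns", "socket", "url", "file"):
            continue
        if ind.kind == "dns":
            out.append(("dns", ind.detail["name"]))
        elif ind.kind == "socket":
            out.append(("socket", ind.detail["host"] + ":" + ind.detail["port"]))
        else:
            out.append((ind.kind, ind.value))
    return out


if __name__ == "__main__":
    found = parse_report(SAMPLE)
    for i in found:
        print(f"{i.kind:8} {'MASKED ' if i.masked else ''}{i.detail}")
    print(summarize_services(found), exact_match_iocs(found))
```

Two things the decoded output makes visible that the raw dump does not: the `943e68563a4bce2` service is `BOOT_START` (0) with an `ImagePath` under `<DRIVERS>`, so that driver is loaded by the boot loader before any user-mode defence starts, `1b2e0` is `SYSTEM_START` (1) and `syshost32` is `AUTO_START` (2); and every network indicator on this page is `#`-masked, so the IP, the `auth.cgi` URL and the DNS names can only be matched as patterns, never pasted into a blocklist as literal values. The `NtOpenThread`/`NtOpenProcess` entries with an unknown handler driver are kernel function hooks the scanner could not attribute to a driver, which is a separate hunt (loaded kernel modules and SSDT integrity) from the registry and file checks above.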