Техническая информация
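- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SettingSyncHost' = '%TEMP%\SettingSyncHost.exe' (запись автозапуска: указанный файл из %TEMP% запускается при каждом входе этого пользователя в систему)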
- %TEMP%\settingsynchost.exe
- %TEMP%\growz.exe
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %TEMP%\fixmbr.bat
- %TEMP%\settingsynchost.exe
- %TEMP%\growz.exe
- %TEMP%\fixmbr.bat
- http://ic###azip.com/
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK ic###azip.com
- DNS ASK di###rdapp.com
- DNS ASK microsoft.com
- '%TEMP%\settingsynchost.exe'
- '%TEMP%\growz.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\fixmbr.bat" "
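- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath $ENV:USERPROFILE\AppData\Local\Temp (команда добавляет каталог AppData\Local\Temp профиля пользователя — обычно это и есть %TEMP% — в исключения проверки Microsoft Defender)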