Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Wmi] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
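- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] '<SYSTEM32>\svchost.exe' = '<SYSTEM32>\svchost.exe:*:Enabled:hossvct'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\svchost.exe' = '<SYSTEM32>\svchost.exe:*:Enabled:hossvct'
  (Обе записи добавляют <SYSTEM32>\svchost.exe в список разрешённых приложений брандмауэра Windows — для доменного и стандартного профилей — без ограничения по адресам («*»). Имя правила «hossvct» можно использовать как признак при проверке системы.)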
- '<SYSTEM32>\Reg16.exe' -d "<Полный путь к вирусу>"
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\Reg16.exe
- '21#.#73.225.51':122
- '62.#0.8.103':443
- '12#.#15.194.237':80
- '74.##5.232.51':80
- '19#.#71.32.5':124
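- '21#.#29.105.25':443
  (Символы «#» в адресах, по-видимому, заменяют скрытые цифры: адреса приведены не полностью и в таком виде не годятся для точного сопоставления с сетевыми журналами.)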
- DNS ASK www.google.com